How to make sense of the new SEC cyber risk disclosure rules

0
182

SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC’s new incident reporting rules can be a serious challenge. Crucially, these rules impact private enterprises as well as publicly traded corporations, calling for organizations of all shapes and sizes to examine and potentially revise their practices.

SEC’s new rules

Let’s take a deeper look at the SEC’s new rules, their implications, and the steps businesses can take to streamline reporting and successfully adapt to this change.

The new rules

Under the SEC’s new cybersecurity rules, public companies must report any material incident (defined as an incident that a reasonable investor would likely consider important) within four business days of becoming aware of it. Companies must also now file a report if a series of previously undisclosed incidents share a common factor that points to a material cybersecurity issue, such as…

Read More…

Актуальные книги на английском