In recent years, the frequency and impact of cyberattacks have increased dramatically, posing significant risks to businesses of all sizes.
Recognising the need for greater transparency and accountability in cybersecurity incidents, the US Securities and Exchange Commission (SEC) has implemented new rules that require public companies to promptly disclose material cyber incidents.
Tasked with disclosing significant cyber incidents within a four-day window, CFOs are rapidly evolving from their traditional financial roles to become key players in cybersecurity governance.
What are the new rules?
The SEC’s new cybersecurity disclosure rules, which went into effect in December 2023, emphasise timely and comprehensive reporting of material cybersecurity incidents.
Public companies are now required to disclose any cybersecurity incident that is determined to be material within four business days of confirmation.
The materiality of an incident is defined by the…
