On July 26th, the Securities and Exchange Commission adopted its much-anticipated rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies. These rules go into effect on December 15th, 2023. Read more here: https://www.sec.gov/news/press-release/2023-139
Our team has put together these brief highlights, but if you’d like to better understand how these impact your organization, set up a call with us today.
Risk Management and Strategy:
Registrants must describe their processes for management of material risks from cybersecurity threats
Describe the board’s oversight of risks from cybersecurity threats
Describe management’s role in assessing and managing material risks from cybersecurity threats
Material Cybersecurity Incidents:
Registrants must disclose any cybersecurity incident they experience that is determined to be material, and describe the material aspects
This filing must occur within four business days of determining an incident was material.
K logix services to address these new rulings:
Risk Assessments: Better understand how you manage risk
Executive Training: Allows boards to disclose how well informed they are to assess and manage risk
Risk Management and Third-Party Risk Programs: Develop these programs or build their strength
Tabletop Exercises: Ensure you are ready and able to report on material incidents when they happen
Set up a complimentary call with one of our consultants today to better understand how these rulings impact your organization and key steps to take.