Updated SEC Rules on Cybersecurity

On July 26th, the Securities and Exchange Commission adopted their much anticipated rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies. These rules go into effect on December 15th, 2023, read more here:

Our team has put together these brief highlights, but if you’d like to better understand how these impact your organization, set up a call with us today.

  • Risk Management and Strategy: 
    • Registrants must describe their processes for management of material risks from cybersecurity threats
  • Governance:
    • Registrants must:
      • Describe the board’s oversight of risks from cybersecurity threats
      • Describe management’s role in assessing and managing material risks from cybersecurity threats
  • Material Cybersecurity Incidents:
    • Registrants must disclose any cybersecurity incident they experience that is determined to be material, and describe the material aspects
    • This filing must occur within four business days of determining an incident was material.

K logix services to address these new rulings: 

  • Risk Assessments: Better understand how you manage risk
  • Executive Training: Allows boards to disclose how well informed they are to assess and manage risk
  • Risk Management and Third-Party Risk Programs: Develop or build these programs strength
  • Tabletop Exercises: Ensure you are ready and able to report on material incidents when they happen
  • And more!


Set-up a complimentary call with one of our consultants today to better understand how these rulings impact your organization and key steps to take.


    Stay up to date with cyber security trends and more