SEC Updated Cybersecurity Ruling as of July 2023
Are you prepared for the new SEC rules on cybersecurity risk?
The Securities and Exchange Commission recently adopted its much-anticipated rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies.
K logix's SEC Final Cybersecurity Rule Readiness Assessment guides organizations to address these new requirements. This assessment helps you:
- Prove and identify how risk is managed at your organization
- Illustrate the strength of existing and in-flight programs, i.e., Risk Management and Third-Party Risk Management (TPRM)
- Allow your board to disclose how well-informed it is to assess and manage risk
- Get ready to report on material incidents when they occur
What is the new SEC ruling?
Effective December 15th, 2023, the Securities and Exchange Commission (SEC) released a new cybersecurity disclosure rule that imposes updated, annual requirements for all SEC registrants. The rule focuses on registrants’ risk management strategy, cyber threat governance, and disclosure of material cybersecurity incidents. The idea is that the following measures will increase transparency and awareness, thereby protecting the interests of investors, companies, and markets alike.
- Risk Management and Strategy: Registrants must describe their processes for management of material risks from cybersecurity threats.
- Governance: Registrants must describe the board’s oversight of risks from cybersecurity threats and describe management’s role in assessing and managing material risks from cybersecurity threats.
- Material Cybersecurity Incidents: Registrants must disclose any cybersecurity incident they experience that is determined to be material, and describe the material aspects. This filing must occur within four business days of determining an incident was material.