HomeCyber BalkansSEC cybersecurity disclosure rules checklist

SEC cybersecurity disclosure rules checklist

Published on

spot_img

The Securities and Exchange Commission (SEC) has implemented new rules in 2023 that mandate public companies to disclose any material cyber incidents that may significantly impact their ability to conduct business. This disclosure must be made through Form 8-K Item 1.05 within four business days of determining the materiality of the incident. The information must include details such as the nature of the incident, the extent of compromise to corporate assets, the timing of the incident and response, and the actual or potential impact, both qualitative and quantitative.

If all relevant information is not available within the four-day window, the company must note this in the initial filing and subsequently file an amended Form 8-K once the data is obtained. Additionally, incidents involving third-party service providers also fall under reporting requirements, where organizations must disclose any cyberattacks affecting their business due to third parties.

It is important to note that organizations are not required to divulge technical or operational details that could compromise their incident response and remediation capabilities. In cases where disclosure of a cybersecurity incident poses a substantial national security or public safety risk, the organization can delay disclosure with approval from the U.S. attorney general. All information must be submitted in an interactive data file to the SEC.

Furthermore, the new rules dictate that public companies must provide details about their cybersecurity risk management, strategy, and governance practices in their annual reports. This information must be disclosed on Form 10-K and should include processes for assessing, identifying, and managing material cyber risks, as well as the impact of cybersecurity threats on business strategy, operations, and financial conditions.

For foreign private issuers (FPIs), comparable disclosures on material cybersecurity incidents and risk management practices must be made on Form 6-K and Form 20-F respectively. FPIs are foreign issuers with securities predominantly held by U.S. residents and substantial business operations in the U.S.

In summary, the SEC’s cybersecurity disclosure rules require prompt reporting of material incidents, detailed descriptions of risk management strategies, and governance practices. These regulations aim to provide shareholders and investors with consistent access to information that could influence their investment decisions. Compliance with these rules is essential for public companies to maintain transparency and accountability in the face of evolving cyber threats.

The SEC’s focus on cybersecurity disclosures underscores the increasing importance of addressing cyber risks in today’s digital landscape. By establishing clear reporting requirements and governance guidelines, the SEC aims to enhance the overall cybersecurity posture of public companies and protect the interests of shareholders and investors.

Source link

Latest articles

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...

Dell BIOS Flaw Allows Attackers to Extract Plaintext Passwords Without Brute Force

Critical Dell BIOS Vulnerability Exposed: An Urgent Security Concern A recently surfaced vulnerability in Dell's...

More like this

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...