Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule.
November 6, 2023
Back in July, the Securities and Exchange Commission (SEC) adopted a rule "requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance."
The new rule requires a Form 8-K to be filed within "four business days of determining an incident was material."
Enforcement kicks in Dec. 15. Jill C. Tyson, practice lead, crisis communications, at Mandiant Consulting (now part of Google Cloud) discusses with Dark Reading's Terry Sweeney the basic requirements of the SEC cybersecurity rule, as well as how affected companies can begin to prepare.
Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with new rule.
"Information is material if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision, or if it would have significantly altered the 'total mix' of information made available," the SEC stated. "Doubts as to the critical nature of the relevant information should be resolved in favor of those the statute is designed to protect, namely investors."
You May Also Like