Power Your Cybersecurity Compliance Excellence with Risk Cloud®
The SEC Cyber Compliance Solution gives your team the necessary tools and expertise to navigate the upcoming regulatory changes from the Securities and Exchange Commission.
Compliance deadlines are fast approaching. Find out how the SEC Cyber Compliance Solution can prepare your business to stay compliant and secure, starting today!
The new rules require publicly traded companies and foreign private issuers to disclose cybersecurity incidents they experience and provide annual disclosures on their cybersecurity risk management, strategy, and governance.
To ensure compliance with the new SEC requirements, companies can leverage our next-generation GRC solution, Risk Cloud, to streamline the process when disclosing cybersecurity incidents, strengthen cybersecurity posture, and improve overall governance and risk management practices. Our experts will guide you through the process and ensure your organization meets all its obligations.
The new rules aim to provide investors with more consistent and valuable cybersecurity disclosure information. By ensuring companies disclose material cybersecurity information, these rules will benefit investors, companies, and the markets connecting them.
Item 1.05 of Form 8-K is the section where registrants must disclose any cybersecurity incident they determine to be material within four business days.
Regulation S-K Item 106 requires registrants to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats and the material effects of these risks and previous cybersecurity incidents. It also includes requirements for the board of directors' oversight and management's role and expertise in addressing cybersecurity threats.
Registrants will need to disclose cybersecurity incidents on Form 8-K, and provide cybersecurity risk management, strategy, and governance disclosures on Form 10-K (for public companies), Form 20-F (for foreign private issuers), Form 6-K (for foreign private issuers' cybersecurity incidents), and Form 20-F (for cybersecurity risk management, strategy, and governance of foreign private issuers).
All registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after initial compliance with the related disclosure requirement.
Yes, the disclosure may be delayed if the United States Attorney General determines that immediate exposure would pose a substantial risk to national security or public safety.