Navigate SEC Cyber Rules Compliance
The ﬁnal SEC cyber rules focus on standardizing disclosures related to cybersecurity incidents and reporting on cybersecurity risk management, strategy, and governance for public companies.
- Report “material” cybersecurity incidents within 96 business hours
- Determine materiality within a reasonable time
- Describe the incident’s material impact or reasonably likely material impact
- Disclose the company’s risk management in annual filings
- Disclose the company’s governance structure for cybersecurity risks in annual filings
Need more information?
This whitepaper provides a comprehensive view of the new SEC cybersecurity rules. It includes risk management and disclosure requirements for public companies. And, it outlines a compliance framework.