Navigate SEC Cyber Rules Compliance

The final SEC cyber rules focus on standardizing disclosures related to cybersecurity incidents and reporting on cybersecurity risk management, strategy, and governance for public companies.

  • Report “material” cybersecurity incidents within 96 business hours
  • Determine materiality within a reasonable time
  • Describe the incident’s material impact or reasonably likely material impact
  • Disclose the company’s risk management in annual filings
  • Disclose the company’s governance structure for cybersecurity risks in annual filings

Need more information?

This whitepaper provides a comprehensive view of the new SEC cybersecurity rules. It includes risk management and disclosure requirements for public companies. And, it outlines a compliance framework.