SEC Approves New Regulation – Cybersecurity Incident Disclosure

Alert Published: Jul 31, 2023
Authors
Ray Baxter
Related Industries
Commercial Products
Energy & Natural Resources
Financial Services
Healthcare
Insurance
Manufacturing, Wholesale & Distribution
Related Services
Cybersecurity
Healthcare Consulting
IT Risk & Compliance Services
Abstract Black And Golden Globe With Glowing Networks - Europe

On July 26, 2023, the SEC approved a new regulation requiring all public companies to disclose incidents that have a material impact within four days after determining the materiality—not the initial discovery. As cybersecurity risks continue to rise, this ruling will help standardize disclosures to protect investors. The requirements of the disclosure include:

  • Reporting a cybersecurity incident on Form 8-K, explaining the nature and scope of the incident
  • Annually reporting cybersecurity incidents on Form 10-K, outlining registrants and including:
    • Process to assess, identify, and manage material risks cybersecurity threats pose
    • Possible material effects from current and previous cybersecurity threats
    • Board of directors’ insight and expertise on cybersecurity threats

FORVIS has evaluated the rule and released an in-depth article.

Additional details are available on the SEC website. If you have any questions or need assistance, please reach out to a professional at FORVIS or use the Contact Us form below.

Related FORsights

Let's Connect

Subscribe to our content or get in touch with us today

Subscribe Contact Us