November 14, 2023 at 11:18AM
The Securities and Exchange Commission (SEC) has implemented a new rule requiring companies to file a Form 8-K within four business days of determining that a cybersecurity incident is material. This rule also mandates annual disclosure of material cybersecurity incidents and information on cybersecurity risk management, strategy, and governance. Jill C. Tyson, a practice lead at Mandiant Consulting, provides insights on compliance with the rule, including timelines, checklists, and guidance on incident response and communication.
Based on the meeting notes, it was discussed that a new rule from the Securities and Exchange Commission (SEC) regarding cybersecurity incidents will take effect on December 15. The rule requires companies to file a Form 8-K within four business days of determining that a cyber incident is material. In addition, companies are required to disclose material cybersecurity incidents and provide annual disclosures on their cybersecurity risk management, strategy, and governance.
Jill C. Tyson, the practice lead for crisis communications at Mandiant Consulting (now part of Google Cloud), had a discussion with Terry Sweeney from Dark Reading. They covered the basic requirements of the SEC cybersecurity rule and highlighted the changes that companies need to make. Tyson provided timelines, checklists, and guidance to ensure enterprise-wide readiness for compliance with the new rule. The discussion also addressed changes in incident response and how incidents should be communicated both internally and externally.
Overall, the meeting focused on the upcoming SEC cybersecurity rule and the necessary steps for companies to comply with it.