November 7, 2023 at 01:52AM
The Securities and Exchange Commission (SEC) has implemented a new rule requiring companies to disclose cybersecurity incidents and provide annual information on their cybersecurity risk management, strategy, and governance. The rule mandates the filing of a Form 8-K within four business days of determining that an incident is material, with enforcement starting on December 15. Jill C Tyson of Mandiant, now part of Google Cloud, discusses the SEC cybersecurity rule and offers guidance on readiness and compliance. The SEC defines information as material if it would be important to a reasonable shareholder in making an investment decision.
The Securities and Exchange Commission (SEC) adopted a rule back in July that requires companies to disclose material cybersecurity incidents and provide annual information regarding their cybersecurity risk management, strategy, and governance. The new rule mandates the filing of a Form 8-K within four business days of determining that an incident is material. Enforcement of the rule will begin on December 15. Jill C Tyson from Mandiant, now part of Google Cloud, recently discussed the basic requirements of the SEC cybersecurity rule with Terry Sweeney from Dark Reading. Tyson offers timelines, checklists, and other guidance for companies to ensure compliance with the new rule. The SEC defines information as material if a reasonable shareholder would consider it important in making an investment decision, or if it would significantly affect the overall information available. The SEC encourages resolving any doubts about the critical nature of the information in favor of protecting investors.