Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Back in July, the Securities and Exchange Commission (SEC) adopted a rule “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.”
The new rule requires a Form 8-K to be filed within “four business days of determining an incident was material.”
Enforcement kicks in Dec. 15. Jill C Tyson of Mandiant (now part of Google Cloud) discusses with Dark Reading’s very own Terry Sweeney the basic requirements of the SEC cybersecurity rule, as well as how affected companies can begin to prepare.
Tyson offers up timelines and checklists, along with other guidance around enterprise-wide readiness to ensure compliance with the new rule.
“Information is material if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision, or if it would have significantly altered the ‘total mix’ of information made available,” the SEC stated. “Doubts as to the critical nature of the relevant information should be resolved in favor of those the statute is designed to protect, namely investors.”