The SEC says corporations have four days to notify shareholders (via an 8-k) if a cyber incident is of material interest. Assessing materiality of a breach may sounds easy to leaders who deal with that concept in financial situation. But in the cyber domain complying with new SEC requirements will require many corporations to re-think the governance processes they have in place. This post provides insights which can help accelerate improvement of the quality and compliance of materiality decisions. It is based on decades of work in cybersecurity governance and a deep understanding of the new SEC regulations.
The SEC’s new cybersecurity disclosure rules require publicly traded companies to do things differently. These rules are far stronger than previous guidance, mandating detailed reporting on two major categories: governance processes designed to mitigate cyber risks and reporting on incidents that may have a material impact on shareholder opinions.
This post was originally published on 3rd party site mentioned in the title of this site
