Report cover image

The SEC's Four-Day Reporting Rule Presents a Critical New Need to Define Materiality

Publisher IDC
Published Sep 27, 2023
Length 11 Pages
SKU # IDC18202359

Description

The SEC's Four-Day Reporting Rule Presents a Critical New Need to Define Materiality


This IDC Perspective discusses SEC's four-day reporting rule that presents a critical new need to define materiality. Wall Street's top regulator, the U.S. Securities and Exchange Commission, has adopted new cybersecurity rules that require companies to disclose a material cyberbreach within four days of determining that the breach is material. Until now, breach notification has been driven primarily by regulations or industry rules requiring notification "without unreasonable delay," which affords a fair amount of bandwidth within which to understand and assess a situation and then determine the most appropriate path forward. The new SEC rules raise the bar for publicly traded companies, not only demanding that they know that an incident has occurred but also requiring their boards to quickly get fact based regarding where there is significant potential impact on the company's financial position, operations, customer relationships, or reputation. "Assessing and reporting based on materiality of an incident adds a new and critical level of analysis for CIOs and CISOs in publicly traded companies," says Alizabeth Calder, adjunct research advisor for IDC's IT Executive Programs (IEP). "We need to arm ourselves with the best possible interpretation and guardrails in advance of an incident, so we don't get caught in situational urgency where the 96-hour rule undermines prudent decisions about whether the incident is actually material and thus reportable. We look forward to learning more as the SEC rules are absorbed and will sharpen our thoughts and guidance as more details emerge."

Please Note: Extended description available upon request.

Table of Contents

11 Pages
Executive Snapshot
Situation Overview
Advice for the Technology Buyer
Have Clarity on What Needs to Be Reported: The Risk Appetite
Ensure That You Have the Data to Assess, Monitor, and Report in the Context of the Approved Risk Tolerance
How to Define and Measure the Incident Impact
How to Report an Incident
Reduce the Impact of Breach Notification and Compliance by Planning Ahead
Learn More
Related Research
Synopsis

Pricing

Currency Rates
How Do Licenses Work?

How Do Licenses Work?

The primary function of a report license is to define how many people within a company are authorized to use the purchased report. This is separate to how a report might be delivered. Unless specifically identified otherwise, the purchase option is Single User. Below is a helpful description of that license, along with a sampling of others most commonly offered.

  • This license allows only one user to have access to and to use/read the report. It is not one user at a time or one user group; it is an individual who will be reading and utilizing the report.

  • This license allows for the entire purchasing company to read and use the report. This is the license level that would allow for a report to be placed on an internal company shared drive for access by all employees of that direct company. This license does not extend to parent or sister company use.

  • This license is designed to allow an entire department within a company full access to a report. The departmental license is a great option for companies that have more than one location and the department is spread out all over the country/world

  • This license is for companies that have one location where they want the report to be accessible by all employees within that physical location.

  • This is the most flexible of the licensing options. Some publishers will allow you to get a license for a preset number of people (typically 5). These licenses are ideal for small work groups.

License options are at the discretion of each publisher. As such, not all licenses indicated above are available for every product. If you are uncertain of the best license for your needs or would like a license that is not proactively available, please contact us and we will be happy to assist.

Head shot

Questions or Comments?

Our team has the ability to search within reports to verify it suits your needs. We can also help maximize your budget by finding sections of reports you can purchase.
Chat Now
Contact Us