
Securities and Exchange Commission Cybersecurity Ruling
Description
Securities and Exchange Commission Cybersecurity Ruling
This IDC Market Perspective discusses that in March 2022, the Securities and Exchange Commission (SEC) published a proposal introducing new rules, rule amendments, and form amendments for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. These enhancements and disclosure standardizations are principally regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents of public companies. On July 26, 2023, the SEC finalized and adopted new rules significantly enhancing these cybersecurity requirements. “The SEC has upped the bar for public companies by finalizing new rules significantly upgrading security requirements. Public organizations must now clearly define their definitions of and processes for identifying material cybersecurity incidents,” according to Phil Harris, research director, Governance, Risk, and Compliance Services and Software, IDC. “On a positive note, there is no longer a requirement for board members to have expertise in cybersecurity and in the case of potential national security cybersecurity incidents notifications can be delayed based upon recommendation from the U.S. Attorney General.”
Please Note: Extended description available upon request.
Table of Contents
6 Pages
- Executive Snapshot
- New Market Developments and Dynamics
- Background
- Key Takeaways for Public Companies
- Disclosure of Material Cybersecurity Incidents
- Board Cybersecurity Expertise Removed
- Companies Must Disclose Processes
- National Security Delay Exception
- Next Steps
- Advice for the Technology Supplier and Services Provider
- Learn More
- Related Research
- Synopsis
Pricing
Currency Rates
Questions or Comments?
Our team has the ability to search within reports to verify it suits your needs. We can also help maximize your budget by finding sections of reports you can purchase.