
The Latest on Cybersecurity Regulations from the SEC

August 3, 2023


Businesses continue embracing innovation and technology, but with the rise of digitization comes a critical challenge that no organization can afford to ignore: cybersecurity threats. Publicly traded companies are prized targets for cyber attackers seeking to exploit vulnerabilities and obtain sensitive information because of the volume of data they send, receive, and store.

In recognition of the seriousness of these attacks and the consequences for companies and shareholders, the Securities and Exchange Commission (SEC) has taken a significant new step in cybersecurity protection for the corporate world. The new SEC cybersecurity regulations mandate that public companies embrace transparency like never before when it comes to cybersecurity incidents and risk management practices. Below, we have outlined what you need to know about the new rules set to take effect.

What Do You Need to Know?

Mandatory Disclosure of Material Cybersecurity Incidents:

The new rules by the SEC require businesses to disclose any material cybersecurity incidents they experience. These disclosures must be made through Form 8-K’s new Item 1.05 and should include details about the incident’s nature, scope, timing, and its material impact or potential impact on the business.

Annual Cybersecurity Risk Management Disclosure:

Companies are now obligated to provide annual information about their cybersecurity risk management, strategy, and governance. This disclosure must be included in the annual report on Form 10-K and should describe the processes for assessing, identifying, and managing material cybersecurity risks, as well as the effects of such risks and previous cybersecurity incidents.

Comparable Disclosures for Foreign Private Issuers:

The new SEC cybersecurity regulations also apply to foreign private issuers, requiring them to make comparable disclosures. Foreign private issuers must provide information about material cybersecurity incidents through Form 6-K and disclose their cybersecurity risk management, strategy, and governance on Form 20-F.

Timeline for Compliance:

The final rules will become effective 30 days after their publication in the Federal Register. For Form 10-K and Form 20-F disclosures, businesses must comply for fiscal years ending on or after December 15, 2023. Form 8-K and Form 6-K disclosures will be due 90 days after publication in the Federal Register or by December 18, 2023, whichever is later. Smaller reporting companies have an additional 180 days before they need to provide Form 8-K disclosure.

Compliance with Structured Data Requirements:

All registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after their initial compliance with the related disclosure requirement. This is to ensure standardized and machine-readable data for improved analysis and comparison.

Overall, these new rules aim to enhance the consistency, comparability, and usefulness of cybersecurity disclosures for the benefit of investors, companies, and the markets. Businesses should be prepared to implement these requirements and ensure they have adequate cybersecurity measures and risk management strategies in place to comply with the SEC’s regulations. 

If you need help with understanding the process or ensuring compliance, don’t hesitate to contact the Cybersecurity team at Clark Schaefer Consulting for assistance. 

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.
