You're Ready For The New Sec Cybersecurity Rules. Have You Included Your OT?
Cisco News, Wednesday, September 6,2023
As part of an ongoing effort to mitigate risks to investors, the US Securities and Exchange Commission (SEC) enacted new cybersecurity rules last month to provide investors greater levels of transparency, giving them relevant, updated information that helps them assess cyber risks more effectively and make informed investment decisions.
The new rules require public companies to disclose:
- All material cybersecurity incidents within four days.
- Material information on their cybersecurity risk management, strategy, and governance on an annual basis.
Disclosure of incidents
In a press release, the SEC states that the new Item 1.05 of Form 8-K which requires registrants to disclose any cybersecurity incident that is determined to be 'material' - meaning that it may have a significant impact on the company's financial position or operation, generally within four days. The registrant also must describe aspects of the incident including timing, nature, and scope as well as its impact or reasonably likely material impact on the registrant from the incident.