New 2023 SEC Cybersecurity Ruling: Summary, Changes & Tips to Prepare


The SEC released a new ruling on July 26, 2023, that requires all public companies to disclose material cybersecurity incidents within 4 days of determining that an incident is material. This applies to nearly all registrants that file periodic reports with the SEC, including smaller reporting companies and foreign private issuers.

In addition, registrants must now also disclose information regarding their cybersecurity processes on an annual basis, including the ways in which they assess, identify, and manage material risks from cybersecurity threats and any previous material cybersecurity incidents they experienced.

As experts in helping organizations drive successful SEC collaboration and implement a risk-based approach to growth and scale, we’ve outlined some essential information about the new cybersecurity regulations alongside some steps your organization can take to properly prepare.

2023 SEC Cybersecurity Rulings at a Glance

10-K Requirements:

  • Describe the process for assessment, identification, and management of material cybersecurity risks.
  • Describe whether any risks from cybersecurity threats have materially affected or could affect your business.
  • Describe the board’s oversight of risks from cybersecurity threats.
  • Describe management’s role and expertise in assessing and managing cybersecurity risks.

8-K Requirements:

  • Disclose any material cybersecurity incident within four (4) business days of determining the incident was material.
  • Amend any prior 8-K filing if new information about the incident becomes available.

What Organizations Can Do to Navigate New SEC Cybersecurity Requirements

While these changes may pose a challenge, Bridgepoint Consulting’s experienced risk management and cybersecurity specialists are here to help you quickly adapt to these new SEC rulings.

We can perform a cybersecurity assessment with recommendations targeted toward areas of vulnerability and gaps, implement and/or document processes for assessing, identifying, and managing material cyber risks, or assist with drafting 10-K disclosures.

Quick tips & steps to prepare for the new 2023 SEC cybersecurity rulings:

  • Conduct a cybersecurity risk assessment to gain a thorough understanding of your organization’s current practices, policies, and procedures and identify any inconsistencies, vulnerabilities, and areas for improvement.
  • Ensure you have the right measures (such as encryption, access controls, and routine data privacy audits) in place to safeguard your data and organization from threats.
  • Develop a cybersecurity incident response plan to outline everything your organization must do (and who must be notified) in the event that a breach does occur.
  • Ensure your employees are properly trained on cybersecurity best practices, potential threats, and safe online behaviors.
  • Continuously monitor your cybersecurity initiatives to adapt to ongoing threats and regulatory changes as they arise.
  • Develop processes for board oversight to support strategic decision-making activities.

Need Cybersecurity Support?

Operating in today’s tech-forward financial landscape demands threat intelligence, preventive controls and agile responses. Balancing these challenges in an ever-shifting regulatory market creates additional complexities that can lead to reactive risk management.

Bridgepoint Consulting translates insight to action by equipping organizations with proactive, on-demand solutions so they can embrace uncertainty, mitigate risk and empower organizational growth.

Contact us or sign up for a free assessment today.