Essert Inc.'s guide on SEC 10-K cybersecurity disclosures outlines new rules requiring public companies to detail their cyber risk management programs in their annual reports. These disclosures, aimed at informing shareholders, include descriptions of cyber risk programs, third-party oversight, material incidents, and governance. Companies must highlight their board's oversight and management's role in cyber risk, ensuring clarity without revealing sensitive security details. The focus is on processes rather than policies, emphasizing material risks relevant to investment decisions.
SEC Cybersecurity Disclosure Requirements

The U.S. Securities and Exchange Commission (SEC) has implemented new rules requiring public companies to disclose their cybersecurity risk management programs in their annual reports. These disclosures are intended to inform shareholders about the cybersecurity risks facing the company.

Key Disclosures

1. Cyber Risk Program: Companies must describe their cyber risk management program, including policies, procedures, and controls.
2. Third-Party Oversight: Companies must disclose their oversight of third-party vendors, including how they assess and manage cybersecurity risks.
3. Material Incidents: Public companies must report any material cybersecurity incidents, including the impact and remediation efforts.
4. Governance: Companies must detail how their board of directors oversees cybersecurity risk, including its role in setting policies and reviewing incidents.

Focus on Processes

Process-Oriented: The SEC's new regulations emphasize processes over specific policies. Companies should describe their processes for identifying, assessing, and managing cyber risks.
Material Risks: Disclosures should focus on material cyber risks that could impact the company's operations, financial performance, or reputation.
Investment Decisions: The goal of these disclosures is to provide investors with the information they need to make informed investment decisions.

Board Oversight and Management Responsibility

1. Board Oversight: Companies must describe the board's role in overseeing cybersecurity risk, including its responsibilities for setting policies, approving budgets, and reviewing incidents.
2. Management Responsibility: Companies must outline management's responsibility for developing and implementing cybersecurity risk management programs, and for reporting to the board.
3. Clear Communication: The SEC regulations emphasize the need for clear and concise communication to investors.

Balancing Transparency and Security

Transparency: Companies must provide sufficient information to investors about their cybersecurity risks and management programs.
Security: Companies must also be careful not to disclose sensitive security details that could compromise their systems.
Striking a Balance: The SEC's regulations aim to strike a balance between transparency and security.

Impact on Public Companies

Increased Costs: Companies may need to invest in additional resources and technology to comply with the new disclosure requirements.
Enhanced Accountability: The regulations increase accountability for companies to manage their cybersecurity risks effectively.
Investor Confidence: Transparent cybersecurity disclosures can build investor confidence by providing insights into a company's risk management practices.

Compliance Guidance

SEC Guidance: The SEC has issued guidance on the new cybersecurity disclosure requirements, providing insights on how companies should approach compliance.
Industry Best Practices: Companies should refer to industry best practices for cybersecurity risk management, such as the NIST Cybersecurity Framework.
Legal Counsel: Companies should consult with legal counsel to ensure compliance with the new regulations.

Future of Cybersecurity Disclosures

Evolving Landscape: The cybersecurity threat landscape is constantly evolving, and the SEC's disclosure requirements will likely adapt to reflect these changes.
Increased Focus: Expect increased focus on cybersecurity disclosures as investors place greater importance on a company's ability to manage cyber risks.
Improved Transparency: The new regulations are expected to drive greater transparency around cybersecurity risks and management programs.