IR Global members take note: all publicly traded companies in the U.S. have new cybersecurity risk management reporting rules! Moreover, these new rules will go into effect by the end of the year, which will greatly impact their 2023 10-K reports.
The U.S. Securities and Exchange Commission released a statement late on July 26, 2023, that its Commissioners had voted to issue the new cybersecurity guidance. The details will be published in the Federal Register prior to the rules becoming effective.
The highlights:
- Companies must disclose cyberattacks within 4 days of determining the attack present material risk.
- Foreign private issuers must follow similar reporting rules.
- Afterwards, exchange-listed companies must reveal the details of the attack, including the incident’s nature, scope, and timing
- In annual reporting on Form 10-K, companies must explain their processes and strategy for managing cyber risk
While media attention has focused on the very prompt 4-day reporting rule, it is the cyber risk management processes of company management that will be published that will be more impactful. Companies will be required to focus on their cyber strategy and revelations about prevention and response capabilities – or deficiencies – could prompt companies to devote more resources to managing cyber risk.
According to IR Global’s trusted advisor on cybersecurity, Douglas DePeppe of eosedge Legal: “More than ever, Boardrooms will need cyber expertise. Understanding the changing nature of cyber risk, such as how Generative AI creates new challenges, or how the Web3 cryptosphere is also changing the dynamic, will force company leadership to confront the cyber threat landscape to develop improved management strategies.” eosedge Legal also reminds members of the CyberJuris Network and the opportunity of getting involved with cyber experts to engage in this community of interest, speaking bureau, and referral network. Ongoing conversations about the group have been occurring at IR Global events, and the present time could be ideal for further investigating the opportunity.