Securities and Exchange Commission Cybersecurity Ruling


This IDC Market Perspective discusses the Securities and Exchange Commission (SEC) cybersecurity ruling. In March 2022, the SEC published a proposal introducing new rules, rule amendments, and form amendments for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. These enhancements and disclosure standardizations principally concern the cybersecurity risk management, strategy, governance, and material cybersecurity incidents of public companies. On July 26, 2023, the SEC finalized and adopted new rules significantly enhancing these cybersecurity requirements.

“The SEC has upped the bar for public companies by finalizing new rules significantly upgrading security requirements. Public organizations must now clearly define their definitions of and processes for identifying material cybersecurity incidents,” according to Phil Harris, research director, Governance, Risk, and Compliance Services and Software, IDC. “On a positive note, there is no longer a requirement for board members to have expertise in cybersecurity, and in the case of potential national security cybersecurity incidents, notifications can be delayed based upon recommendation from the U.S. Attorney General.”



Executive Snapshot
New Market Developments and Dynamics
Background
Key Takeaways for Public Companies
Disclosure of Material Cybersecurity Incidents
Board Cybersecurity Expertise Removed
Companies Must Disclose Processes
National Security Delay Exception
Next Steps
Advice for the Technology Supplier and Services Provider
Learn More
Related Research
Synopsis
