Securities and Exchange Commission Cybersecurity Ruling
This IDC Market Perspective discusses that in March 2022, the Securities and Exchange Commission (SEC) published a proposal introducing new rules, rule amendments, and form amendments for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. These enhancements and disclosure standardizations are principally regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents of public companies. On July 26, 2023, the SEC finalized and adopted new rules significantly enhancing these cybersecurity requirements. “The SEC has upped the bar for public companies by finalizing new rules significantly upgrading security requirements. Public organizations must now clearly define their definitions of and processes for identifying material cybersecurity incidents,” according to Phil Harris, research director, Governance, Risk, and Compliance Services and Software, IDC. “On a positive note, there is no longer a requirement for board members to have expertise in cybersecurity and in the case of potential national security cybersecurity incidents notifications can be delayed based upon recommendation from the U.S. Attorney General.”
Please Note: Extended description available upon request.
- Executive Snapshot
- New Market Developments and Dynamics
- Background
- Key Takeaways for Public Companies
- Disclosure of Material Cybersecurity Incidents
- Board Cybersecurity Expertise Removed
- Companies Must Disclose Processes
- National Security Delay Exception
- Next Steps
- Advice for the Technology Supplier and Services Provider
- Learn More
- Related Research
- Synopsis
Research Assistance
Download our eBook: How to Succeed Using Market Research
Learn how to effectively navigate the market research process to help guide your organization on the journey to success.
Download eBook