
New SEC Guidelines on Cybersecurity Breaches: What Do You Need to Know?

Updated: Jun 11

Cyber Security Leaders Have Typically Paid Little if any Attention to SEC Guidelines. Not Anymore.


As of December 2023, the SEC has created new guidelines for how publicly traded companies manage and report Risk Management, Strategy, Governance, and Incident Disclosure.

As a cyber security leader, here is what you need to know!


New Reporting Requirements for Cyber Breaches


If your company is funded by investors, or if there are plans to take your business public, you need to stay abreast of the SEC's latest guidelines!


Material breaches must be reported within 4 days of the incident occurring. 

Companies need to at least detect incidents fast enough to mitigate and report within that 4-day window. The current lead time of detections (days or even weeks after a breach) is no longer acceptable in the new regulatory market. Leadership can be personally liable if they fail to report security breaches, and will be open to lawsuits and potentially jail time for fraud.  



 Companies must disclose “material information” through annual reports regarding their cybersecurity risk management, strategy, and governance. 

 

Organizations must provide yearly reports to the SEC outlining their processes, risk projections, and level of expertise with assessing, identifying, and managing material risks from cybersecurity threats.  

 

CyberZek’s Powerful insider threat management platform can help you comply with these new guidelines

 

Our Global Insider Threat Manager (GITM) monitors cyber risks posed by insiders or threat actors posing as insiders. The GITM system provides monitoring, detection, and reporting of overprivileged or unauthorized access as well as software vulnerabilities commonly exploited by bad actors. This reduces an organization’s response time to a security breach by combining detection and reporting in the same tooling system.
