Cybersecurity » Implementing the SEC’s Cybersecurity Disclosure Rules

Implementing the SEC’s Cybersecurity Disclosure Rules

Three New States Pass Comprehensive Data Privacy Laws

Legal Ops professionals will be interested in this final post in the three-part blog from bytebacklaw.com on the U.S. Securities and Exchange Commission’s (SEC’s) final rules for cybersecurity disclosures.

The SEC acknowledges that materiality determinations require informed and deliberative processes, but states that a registrant should not delay determination of materiality solely when continued investigation is needed. If a cybersecurity incident is determined to be material, the clock to file an Item 1.05 Form 8-K with the SEC begins within four business days.

To help senior management make a materiality determination, the cybersecurity experts need to notify them of the known facts, the areas of uncertainty, and any items that remain unknown.

  • Registrants should develop decision trees or playbooks providing examples of material and non-material cybersecurity incidents that can guide corporate leaders’ decision-making.
  • Companies should have an escalation process and maintain activity/response logs including what steps are taken in response to each incident, as well as closure and the conclusion on whether or not a particular incident was material.

Registrants should identify events that will trigger secondary consequences or additional compliance requirements. It would be ironic if the legacy of the SEC’s four-day deadline turns out to be premature corporate disclosures followed by an influx of premature lawsuits.

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Read this next

AI Vital To Cybersecurity and Cyber Criminals

SEC Complaint Against Company Filed by Ransomware Gang

The new Security and Exchange Commission’s (SEC’s) reporting rules require U.S.-listed companies […]

AI Executive Order Finally Released

The Recruiting Workflow: A Balance Between Technology and Humans

As Legal Operations professionals support their corporate legal departments with digital transformation […]

What to Do When Your Employees Are Using Chatbots

Making Digital Transformation a Core Competency in 2024

Every two or three years, the business world changes, and leaders are […]

Scroll to Top