March 2023
Cyber-Security Breach Disclosures
How Existing Reporting Compares To The Enhanced Disclosure Rules Expected From The SEC - Timely Reporting May Need Extra Attention
By: MyLogIQ
IntroductionCyber-security breaches certainly are top of mind right now, this was a point of discussion if you caught our recent Q1 SEC Pro Group National Meeting featuring David Peavler (recording here).
Enhanced Disclosure Rules On The Horizon
With the expected April 2023 announcement from the U.S. Securities and Exchange Commission (SEC) of finalized rulemaking to enhance disclosure of cybersecurity risk management, we took a look at current reporting practices to see where things stand and to help provide guidance on where companies need to go once the new rule becomes effective.
5 Areas of Disclosure Focus
The proposed rule, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure has five areas of disclosure focus:
Incident Disclosure
Timeliness of Incident Disclosure
Board Oversight
Board Expertise
Management Policies & Procedures.
This report looks at disclosure practices for the first four of these areas.