SEC Cyber Incident and Risk Management Disclosure Readiness: Materiality Assessments, Related Incident Assessments and Cyber Risk Program Disclosures
In today’s digital age, cyber incident and risk management disclosure readiness is a critical aspect of the Securities and Exchange Commission’s (SEC) regulatory framework. Materiality assessments help companies determine the significance of a cyber incident in the context of their financial reporting. They are rapidly becoming a core element of company programs as a result of the rule passed by the SEC in July of 2023, which requires companies to disclose material cybersecurity incidents they experience and to disclose, on an annual basis, material information regarding their cybersecurity risk management, strategy and governance. Related incident assessments are equally important, as they provide insight into the nature and scope of the incident, aiding in the development of a comprehensive disclosure strategy. Disclosures today require Security Incident Response Teams (likely part of Information Security) and Legal/Compliance teams to work more closely together than ever before. In all likelihood, such reviews include a data privacy component and an analysis of the risk related to a data privacy breach. In a world where cyber threats are increasingly prevalent and more sophisticated, companies must be vigilant and prepared, before an event occurs, to address questions from investors about their cybersecurity strategy and their preparedness regarding disclosure. This 60-minute panel discussion will help teams better understand how to prepare for SEC cyber incident and risk management disclosure requirements, including materiality and related incident assessments and cyber risk program disclosures.