SEC Adopts New Cybersecurity Disclosure Rules for Businesses in the US
The US Securities and Exchange Commission adopted new rules that require public companies to quickly report cyberattacks and disclose the status of their cybersecurity risk management strategy. The scramble is on for companies to comply before year-end. Find out how this may affect your business and how we can help.
On July 26, 2023, the Securities and Exchange Commission (SEC) introduced new cybersecurity rules for public companies in the US. Public companies are now required to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new cybersecurity disclosure rules apply to all public companies in the US, including small to mid-sized enterprises (SMEs), foreign private issuers and smaller reporting companies.
How will the new SEC cybersecurity rules impact your business?
If you operate a business in the US, here’s what you need to know:
You’ll have to have a cybersecurity risk management program in place and be able to disclose how your business responds to cybersecurity threats.
You’ll have to describe management’s role and expertise in assessing and managing material cybersecurity risks. This means you’ll have to provide proof of relevant work experience, certifications and education. If you have a board of directors, you’ll also have to show how your board of directors oversees cybersecurity risks for your company.
You’ll be expected to determine the material impact of cybersecurity threats and to report the nature, scope and timing of material impact or likely material impact of a cyberthreat or attack. And you’ll have to sort it out quickly. New cybersecurity reporting rules require material impact reports to be submitted within four business days after an attack.
How will the new cybersecurity reporting laws impact SMEs?
These new cybersecurity reporting regulations signal the SEC’s increased attention to cybersecurity practices among public companies, including SMEs. For smaller businesses, it’s going to be essential to prioritize and enhance cyber capabilities. SMEs will need to take these regulations seriously and work diligently to meet the disclosure requirements while ensuring their cybersecurity measures are up to the mark.
How to meet the new SEC cybersecurity disclosure requirements
With compliance expected before year-end, these new cybersecurity regulations can feel overwhelming—particularly for smaller businesses without a dedicated in-house cybersecurity team. This is where we can help. BOXX Insurance provides:
A comprehensive cybersecurity management system. BOXX all-in-one cyber insurance for small business provides an effective combination of threat prediction, breach protection and cyber insurance.
Free access to a virtual Chief Information Security Officer (vCISO). Our vCISO can prepare a short report outlining everything your business needs to do to meet the new cybersecurity reporting laws. This service is available upon request and free for all our Cyberboxx Business & Cyberboxx Assist clients.
Ultimately, the new cybersecurity regulations are designed to make the digital landscape a safer place. If the new requirements improve accountability and transparency, that’s a win for everyone. It’s just a matter of finding a way to get there without too much disruption to your business. The good news is that you don’t have to go it alone.