hero image

Get Ready for Change - US SEC's New Cybersecurity Rules Coming December 18


In the US The Securities and Exchange Commission (SEC) is ushering in a new era with rules designed to boost and standardize disclosures from registrants on cybersecurity incidents.


Here's the lowdown on the key changes:

  • Quick Disclosure Turnaround: If a registrant determines a cybersecurity incident is material, they must spill the beans on Form 8-K within four business days. However, the U.S. Attorney General can pump the brakes if there's a substantial risk to national security or public safety.
  • Transparency is Key: Registrants are now required to share their cybersecurity risk management, strategy, and governance processes. This includes insights into how they assess, identify, and handle cybersecurity risks. Boards will need to outline their oversight of these risks, and management's role in tackling them.
  • No One's Exempt: Brace yourself, because these rules apply to almost all registrants filing periodic reports with the SEC. Whether you're a big player or a smaller reporting company, domestic or foreign, these rules affect you.
  • Deadline Alert: For calendar-year registrants, the detailed risk management disclosures are due in the 2023 annual reports. As for the incident disclosure requirements, most registrants need to comply either 90 days after publication in the Federal Register or, you guessed it, by the big day on December 18, 2023.

In a nutshell, the SEC is on a mission to level up disclosures regarding cybersecurity risk. As of December 18, 2023, transparency and timely reporting will be the name of the game.

Achieving compliance goes beyond ticking boxes—it's about fortifying your organization against potential threats and ensuring the integrity of sensitive data. By understanding the intricacies of the new SEC requirements, you empower your organization to proactively address vulnerabilities, mitigate risks, and foster a culture of cybersecurity resilience.

Your Strategic Cybersecurity Partner

In choosing ZDL, you're not just selecting a service provider; you're gaining a strategic cybersecurity partner dedicated to your organization's success. Our team is committed to working collaboratively with you to implement effective control measures that align with your business goals and regulatory obligations.

Next Steps

We look forward to the opportunity to discuss how ZDL can tailor a cybersecurity solution specifically for your organization. Our team is ready to engage with you on a personalized consultation to understand your unique challenges and develop a roadmap for cybersecurity excellence.

Contact us to arrange a call with one of our experts. [email protected]