SEC Cybersecurity Disclosure Rules (2023)
What are the SEC Cybersecurity Disclosure Rules (2023)?
SEC Cybersecurity Disclosure Rules (2023): U.S. Securities and Exchange Commission rules adopted on 26 July 2023 requiring public companies to disclose material cybersecurity incidents on Form 8-K within four business days of determining that the incident is material, and to describe their cybersecurity risk management, strategy and governance annually on Form 10-K.
The SEC's Cybersecurity Disclosure Rules were adopted on 26 July 2023 and became effective on 5 September 2023; compliance with the Form 8-K incident item was required from 18 December 2023 (from 15 June 2024 for smaller reporting companies), and the annual disclosures apply to fiscal years ending on or after 15 December 2023. They materially changed cyber-incident reporting for U.S.-listed companies. A registrant must file Form 8-K Item 1.05 within four business days of determining that a cybersecurity incident is material, describing the material aspects of the incident's nature, scope and timing and its material impact, or reasonably likely material impact, on the registrant, including its financial condition and results of operations. The four-day clock starts at the materiality determination, not at discovery, but the determination itself must be made 'without unreasonable delay'; information not yet known at filing time is added by amendment (Form 8-K/A) within four business days of becoming available. The item does not require technical detail, such as the vulnerability exploited or the state of remediation, where disclosing it would impede the response. SEC staff guidance from May 2024 adds that voluntary disclosure of an incident that has not been determined to be material belongs under Item 8.01, not Item 1.05. Annually, the 10-K (Item 1C, Cybersecurity) must carry the Regulation S-K Item 106 disclosures: the processes for assessing, identifying and managing material risks from cybersecurity threats, whether any such risks (including prior incidents) have materially affected or are reasonably likely to materially affect the registrant, and the roles of the board and of management in cyber oversight. A narrow law-enforcement carve-out allows the filing to be delayed, initially for up to 30 days and extendable in limited circumstances, when the U.S. Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the SEC in writing. Foreign private issuers face analogous obligations on Form 6-K and Form 20-F. Since Item 1.05 took effect, dozens of such 8-Ks have been filed (by UnitedHealth Group for the Change Healthcare incident and by Halliburton, for example, and the June 2024 CDK Global outage prompted filings by the public dealership groups it affected); MGM Resorts, Clorox and Caesars had already disclosed 2023 incidents on Form 8-K before the item was in force. The SEC has separately pursued enforcement against issuers for misleading or absent cyber disclosures, including the October 2024 settled charges against Unisys, Avaya, Check Point and Mimecast over how they described the SolarWinds compromise.
● Examples
- 01
A retailer files an 8-K under Item 1.05 within four business days of determining that a ransomware incident is material, then files 8-K/A amendments as information that was unavailable at filing time (for example, the scope of data affected) becomes known.
- 02
A 10-K Item 1C section carries the Item 106 disclosures: the board's quarterly cybersecurity oversight cadence, the CISO's reporting line, and the use of an external incident-response retainer.
● Frequently asked questions
What are the SEC Cybersecurity Disclosure Rules (2023)?
U.S. Securities and Exchange Commission rules adopted on 26 July 2023 requiring public companies to disclose material cybersecurity incidents on Form 8-K within four business days of determining that the incident is material, and to describe their cybersecurity risk management, strategy and governance annually on Form 10-K. They belong to the category Cybersecurity compliance and frameworks.
What do the SEC Cybersecurity Disclosure Rules (2023) mean?
U.S. Securities and Exchange Commission rules adopted on 26 July 2023 requiring public companies to disclose material cybersecurity incidents on Form 8-K within four business days of determining that the incident is material, and to describe their cybersecurity risk management, strategy and governance annually on Form 10-K.
How do the SEC Cybersecurity Disclosure Rules (2023) work?
The SEC's Cybersecurity Disclosure Rules were adopted on 26 July 2023 and became effective on 5 September 2023; compliance with the Form 8-K incident item was required from 18 December 2023 (from 15 June 2024 for smaller reporting companies), and the annual disclosures apply to fiscal years ending on or after 15 December 2023. They materially changed cyber-incident reporting for U.S.-listed companies. A registrant must file Form 8-K Item 1.05 within four business days of determining that a cybersecurity incident is material, describing the material aspects of the incident's nature, scope and timing and its material impact, or reasonably likely material impact, on the registrant, including its financial condition and results of operations. The four-day clock starts at the materiality determination, not at discovery, but the determination itself must be made 'without unreasonable delay'; information not yet known at filing time is added by amendment (Form 8-K/A) within four business days of becoming available. The item does not require technical detail, such as the vulnerability exploited or the state of remediation, where disclosing it would impede the response. SEC staff guidance from May 2024 adds that voluntary disclosure of an incident that has not been determined to be material belongs under Item 8.01, not Item 1.05. Annually, the 10-K (Item 1C, Cybersecurity) must carry the Regulation S-K Item 106 disclosures: the processes for assessing, identifying and managing material risks from cybersecurity threats, whether any such risks (including prior incidents) have materially affected or are reasonably likely to materially affect the registrant, and the roles of the board and of management in cyber oversight. A narrow law-enforcement carve-out allows the filing to be delayed, initially for up to 30 days and extendable in limited circumstances, when the U.S. Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the SEC in writing. Foreign private issuers face analogous obligations on Form 6-K and Form 20-F. Since Item 1.05 took effect, dozens of such 8-Ks have been filed (by UnitedHealth Group for the Change Healthcare incident and by Halliburton, for example, and the June 2024 CDK Global outage prompted filings by the public dealership groups it affected); MGM Resorts, Clorox and Caesars had already disclosed 2023 incidents on Form 8-K before the item was in force. The SEC has separately pursued enforcement against issuers for misleading or absent cyber disclosures, including the October 2024 settled charges against Unisys, Avaya, Check Point and Mimecast over how they described the SolarWinds compromise.
How do organizations comply with the SEC Cybersecurity Disclosure Rules (2023)?
Compliance is an organizational rather than a technical matter. Registrants typically define a documented materiality-assessment process that the incident-response function triggers as soon as an incident is confirmed, with a disclosure committee (legal, finance, security) that decides materiality without unreasonable delay and records the date of that decision, since the four-business-day clock for Item 1.05 runs from it. Draft 8-K language and an escalation path to the board are prepared in advance, and the Item 106 material for the 10-K (risk-assessment processes, management's role, the board's oversight cadence) is maintained year-round rather than assembled at filing time.
What are other names for the SEC Cybersecurity Disclosure Rules (2023)?
Common alternative names: SEC 8-K Item 1.05, SEC cyber disclosure rule, Regulation S-K Item 106.
● Related terms
- compliance № 226
Compliance
Discipline that ensures legal, regulatory, contractual and internal security requirements are met through documented controls, evidence and continuous assessment.
- forensics-ir № 582
Incident response
Organized process for preparing for, detecting, analyzing, containing, eradicating and recovering from cybersecurity incidents, capturing lessons learned.
- attacks № 304
Data breach
Confirmed security incident in which an unauthorized party accesses, exfiltrates or discloses sensitive, protected or confidential information.
- compliance № 1264
Third-party risk management (TPRM)
End-to-end discipline for identifying, assessing, contracting, monitoring and off-boarding third parties, keeping the cyber, operational and compliance risks they introduce within appetite.
- compliance № 290
Cyber insurance
Specialized insurance product that transfers to an insurer the financial impact of cyber incidents: response costs, business interruption and third-party liability.
- compliance № 1043
Risk management
Coordinated process of identifying, analyzing, evaluating, treating, monitoring and communicating risks in order to keep them within the tolerance defined by the organization.