Big cybersecurity news came out of the Securities and Exchange Commission (SEC) this month, and it directly affects board members and executives. The SEC adopted a set of rules that will change the way companies handle material cybersecurity incidents and their responsibilities for guidance and risk management. These rules are all about enhancing transparency and accountability around cybersecurity attacks that may create a material risk to the company, its customers, and ultimately its shareholders.

Immediate Cybersecurity Incident Disclosure

Companies will have to disclose any major cybersecurity incident they experience within four business days. There is an exception if the U.S. Attorney General deems immediate disclosure a risk to national security or public safety.

Annual Insight into Cybersecurity Strategies

Each year, companies will have to give investors a peek behind the curtain at their cybersecurity risk management, strategies, and governance through their 10-K report. This also includes an inside look at how the board of directors and management are tackling cybersecurity threats.

What the SEC Chair Had to Say

Gary Gensler, SEC Chair, compared losing millions of files in a cybersecurity incident to losing a factory in a fire. Both can greatly impact investors. He believes these new rules will make cybersecurity information more consistent and useful for investors and companies alike.

Not Just for U.S. Companies

Foreign private issuers are also subject to these new rules and must make similar disclosures.

When Does It All Start?

These rules kick into gear 30 days after they’re published in the Federal Register. The annual report requirements begin with reports for fiscal years ending on or after December 15, 2023. Other disclosures have different timelines, and smaller companies get a bit more breathing room with an extra 180 days for the Form 8-K disclosure.

Wrapping It Up

So, what does all this mean for you? If you’re an investor, you’ll have a clearer picture of how companies manage cybersecurity risks. If you’re part of a public company, you’ve got some new guidelines to follow.

BlackCloak: Protecting Board Members and Executives

These rules represent a significant step towards a more transparent and secure digital landscape. BlackCloak is the Pioneer of Personal Cybersecurity™, and we offer cybersecurity solutions that protect high-profile individuals like board members and corporate executives, who are often targeted because of their influence and access to sensitive information. Because off-the-shelf security measures are insufficient to protect their personal cybersecurity, we created the Digital Executive Protection services BlackCloak offers.

Personal cybersecurity is an important component of compliance with this new rule. By ensuring an executive’s entire digital life is secured, you can greatly reduce the potential for attackers to exploit weak links that could lead to corporate infiltration. We shield your board members and executives from the latest threats and provide a robust defense against the ever-evolving landscape of cyber risks.

Contact us today to learn more about how we can offer more secure futures and clear strategies.