Primary Contact: Carl N. Kriebel CISSP
Schneider Downs can help your organization meet the materiality assessment and disclosure requirements of the SEC Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule (SEC Cybersecurity Disclosure Rule).
Our team of experienced cybersecurity and IT risk professionals has the regulatory and technical knowledge to help organizations establish the processes and controls needed to assess the materiality of cybersecurity incidents and to manage the reporting process with the SEC.
Key cybersecurity incident materiality assessment services include incident response planning, procedure development, security assessments and specialized reporting.
There are ways for organizations to get ahead of the SEC’s new regulations. To make compliance as easy as possible, registrants should focus on developing processes and shoring up communication regarding cyber incidents. If registrants do not already have processes in place, they should consider developing the following:
Additionally, registrants may want to consider whether their current cybersecurity monitoring infrastructure can accommodate this type of assessment and reporting and if their third-party risk management program is sufficient. Companies should ask themselves:
What is the SEC Cybersecurity Disclosure Rule?
The SEC Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule (SEC Cybersecurity Disclosure Rule) requires registrants to disclose, on the new Item 1.05 of Form 8-K, any cybersecurity incident determined to be material and to describe the material aspects of the incident's nature, scope and timing, as well as its material impact or reasonably likely material impact on the registrant. This report is generally due within four days after the registrant determines a cybersecurity incident is material.
What are the SEC Cybersecurity Disclosure Rule Key Dates?
What is Regulation S-K Item 106?
The new rule also adds Regulation S-K Item 106, which requires public companies to disclose information on their cybersecurity risk management, strategy and governance plans in their annual report on Form 10-K in an effort to provide more transparency to investors.
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated Cybersecurity page or contact the team directly.