The Securities and Exchange Commission (SEC) has recently published new guidance aimed at helping public companies comply with its cybersecurity disclosure rule. This rule, finalized in July 2023, mandates that U.S. exchange-listed companies report material cybersecurity incidents within four days. It also requires annual disclosures of risk management strategies and governance structures related to cybersecurity.
The SEC’s new guidance, released on June 24, 2024, provides five compliance and disclosure interpretations (C&DIs) that clarify how companies should assess and disclose material cybersecurity events. This guidance underscores the importance of conducting thorough materiality assessments for all cybersecurity incidents, regardless of their immediate financial impact.
One of the key takeaways from the SEC’s guidance is that companies must determine the materiality of a cybersecurity incident even if the incident is resolved quickly or if a ransom payment is covered by insurance. The guidance also notes that small incidents, when considered collectively, may be deemed material if they are related or exploit the same vulnerability.
Materiality assessments are crucial in determining whether a cybersecurity event needs to be disclosed to investors. The SEC emphasizes that these assessments should be conducted after every cyber incident, with input from outside securities counsel and corporate boards. This ensures that companies are meeting their disclosure responsibilities under the SEC rule.
For businesses, this guidance highlights the need for robust materiality assessment processes as part of their overall ESG and sustainability strategy. It also reinforces the importance of proactive cybersecurity risk management to mitigate potential financial and reputational impacts.
With the SEC’s increasing focus on cybersecurity disclosure, public companies must prioritize materiality assessments to ensure compliance and transparency in their reporting practices.
Sources:
https://kpmg.com/us/en/media/news/sec-cybersecurity-disclosure-rules-2024.html