SEC’s New Guidance Emphasizes Materiality Assessment in Cybersecurity Disclosures 

by AnhNguyen - August 20, 2024

The Securities and Exchange Commission (SEC) has recently published new guidance aimed at helping public companies comply with its cybersecurity disclosure rule. This rule, finalized in July 2023, mandates that U.S. exchange-listed companies report material cybersecurity incidents within four days. It also requires annual disclosures of risk management strategies and governance structures related to cybersecurity. 

The SEC’s new guidance, released on June 24, 2024, provides five compliance and disclosure interpretations (C&DIs) that clarify how companies should assess and disclose material cybersecurity events. This guidance underscores the importance of conducting thorough materiality assessments for all cybersecurity incidents, regardless of their immediate financial impact. 

One of the key takeaways from the SEC’s guidance is that companies must determine the materiality of a cybersecurity incident even if the incident is resolved quickly or if a ransom payment is covered by insurance. The guidance also notes that small incidents, when considered collectively, may be deemed material if they are related or exploit the same vulnerability. 

Materiality assessments are crucial in determining whether a cybersecurity event needs to be disclosed to investors. The SEC emphasizes that these assessments should be conducted after every cyber incident, with input from outside securities counsel and corporate boards. This ensures that companies are meeting their disclosure responsibilities under the SEC rule. 

For businesses, this guidance highlights the need for robust materiality assessment processes as part of their overall ESG and sustainability strategy. It also reinforces the importance of proactive cybersecurity risk management to mitigate potential financial and reputational impacts. 

With the SEC’s increasing focus on cybersecurity disclosure, public companies must prioritize materiality assessments to ensure compliance and transparency in their reporting practices. 

 

Sources: 

https://global.lockton.com/us/en/news-insights/new-sec-cybersecurity-compliance-and-disclosure-interpretations-put-focus-on 

https://kpmg.com/us/en/media/news/sec-cybersecurity-disclosure-rules-2024.html 
