target audience: TECH SUPPLIER Publication date: Feb 2024 - Document type: Market Perspective - Doc Document number: # US51824623
Securities and Exchange Commission Cybersecurity Ruling
Content
List of Figures
Get More
When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.
Related Links
Abstract
This IDC Market Perspective discusses that in March 2022, the Securities and Exchange Commission (SEC) published a proposal introducing new rules, rule amendments, and form amendments for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. These enhancements and disclosure standardizations are principally regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents of public companies. On July 26, 2023, the SEC finalized and adopted new rules significantly enhancing these cybersecurity requirements.
“The SEC has upped the bar for public companies by finalizing new rules significantly upgrading security requirements. Public organizations must now clearly define their definitions of and processes for identifying material cybersecurity incidents,” according to Phil Harris, research director, Governance, Risk, and Compliance Services and Software, IDC. “On a positive note, there is no longer a requirement for board members to have expertise in cybersecurity and in the case of potential national security cybersecurity incidents notifications can be delayed based upon recommendation from the U.S. Attorney General.”