Skip to main content


Navigating the SEC’s cybersecurity disclosure rules

Learn about new SEC requirements for cyber reporting — and how to comply.

With the US Securities and Exchange Commission’s final rules in effect as of Dec. 18, 2023, organizations are required to disclose material cyber incidents in a timely manner.

All publicly traded companies are required to provide information on material cybersecurity incidents, as well as share certain details of their enterprise cyber risk management programs. While the rules only apply to public companies, they also serve as a reminder for private companies to embrace best practices, including determining incident impact and establishing a cybersecurity governance program.

Interested in defining how these rules apply to your organization? Contact us
Use this report to:
  • Take a deeper dive into the SEC disclosure rules and reporting requirements.
  • Gain a better understanding of key terms.
  • Learn how to determine materiality.