4 Day Deadline: Impacts of New SEC Cybersecurity Regulation


Investors value transparency. They want to know that the companies in which they invest acknowledge business risk, admit material events, and report truthfully. Examples of material events include a merger or acquisition, legal judgment, or sale of assets. Information about these events helps investors perform better due diligence about valuation. By the end of 2023, a new U.S. Securities and Exchange Commission (SEC) regulation will make cybersecurity disclosure mandatory.

Companies strive to maximize shareholder wealth by making decisions and taking actions that lead to valuation appreciation and overall well-being. Meanwhile, cybercriminals strive to steal wealth. The updated mandatory disclosures will provide surprising details about companies' cybersecurity swimwear and ultimately reveal insights into a company’s willingness to invest in protecting its digital estate.

"A rising tide floats all boats… only when the tide goes out do you discover who's been swimming naked." - Warren Buffett

In recent years, hundreds of publicly traded companies have disclosed cybersecurity incidents. They’ve quantified the economic value of their data with the cost of notification, downtime, and potential reputational damage.

What Does the New SEC Cybersecurity Regulation Require?

The SEC’s objective is to ensure companies disclose cybersecurity risks and implement measures to protect their systems and data. The new rules require public companies to disclose material cybersecurity incidents within four business days of becoming aware. The rules also require annual disclosure of information about their cybersecurity risk management, strategy, and governance.

Protecting the Public and Enhancing Transparency

The new regulation plays a crucial role in safeguarding the public. Mandating disclosure and implementation of cybersecurity controls ensures that companies take proactive measures to protect information systems and data. The regulation improves transparency by providing investors with crucial information for making informed decisions.

Tips for Compliance with the New Cybersecurity Regulations

There are several steps you can take to improve your cybersecurity posture and protect investors:

With the new cybersecurity regulation in place, your company can increase data protection and build more efficient compliance and governance. The opportunity to safeguard your data is here. Shareholders can minimize potential risks and reap the rewards of a secure investment.

By following the new regulations and investing in cybersecurity risk management, your business stands to benefit from reduced cyber risks. These efforts can provide a powerful and proactive shield of business resilience that affords both you and your shareholders peace of mind.

Tim Burlowski
Senior Director of Product Management Cyber Resiliency