Security News > 2024 > February > How to make sense of the new SEC cyber risk disclosure rules
SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023.
For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.
Under the SEC's new cybersecurity rules, public companies must report any material incident within four business days of becoming aware of it.
While the new incident reporting rules went into effect on December 18, 2023, smaller reporting companies have an additional 180 days before they must start disclosing incidents.
The SEC is focused on establishing greater transparency and consistency in cybersecurity incident reporting practices.
The SEC can and will enforce its cybersecurity rules on violators from both the public and private sectors-meaning that private companies in public company supply chains must prepare for transparent and timely incident reporting.