Published on Oct 13th, 2023

Preparation Required for New Cybersecurity Rules

Vigilant Insights

Brief Introduction

In a recent Deloitte survey, 26% of Firms surveyed have not prepared for the new SEC cybersecurity rules.

With differing effective dates based on size, Firms will have incident reporting requirements and disclosure requirements related to cybersecurity governance.

It is vital that Firms thoroughly examine their cybersecurity policies and procedures to ensure compliance.

New Rule Reminders

  • Material cybersecurity incidents must be disclosed in Form 8-K filings.
  • Disclosures must be filed within four business days after discovery.
  • Annual Form 10-K and 20-F filings will require disclosures of the firm’s risk management procedures, board member proficiency, and supervisory cybersecurity procedures for fiscal years ending on or after December 15th, 2023.

Steps to Prepare

  1. An in-depth analysis of cybersecurity policies and procedures.
    • Cybersecurity attacks should be seen as inevitable.
    • Cybersecurity entails threat assessment, preparedness, and business continuity planning.
    • Ensure that all third-party vendors have cybersecurity practices in line with industry standards.
  2. Firm members responsible for cybersecurity risk management should have direct and open communication with senior leadership including the board of directors.
  3. Ongoing and frequent cybersecurity training for all employees.
  4. Routinely test the effectiveness of cybersecurity defenses.
  5. Reach out to compliance professionals with knowledge of current industry standards and the solutions required to remediate.

Vigilant's Conclusion

The current regulatory environment is too aggressive to practice “on the fly” compliance.

Cybersecurity appears to be a concern for regulators for the foreseeable future.

Firms that have taken steps to improve cybersecurity should have their changes evaluated by professionals, and Firms that have failed to prepare should take the steps mentioned as quickly as possible.

Please reach out to us with any cybersecurity-related compliance concerns you have or need assistance with.