- Report material cyber incidents within four days and comply with additional incident reporting requirements.
- Disclose cyber risk policies and procedures in detail — including their role in the company’s financial planning, capital allocation, and business strategy.
- Describe board oversight of — and expertise in — cybersecurity.
These disclosure rules, if enacted as expected, are the latest example of stakeholders carefully evaluating companies based on cyber readiness.
In its proposal, the SEC says “there is growing concern that material cybersecurity incidents are under-reported and the existing reporting may not be sufficiently timely. We are proposing to address these concerns by requiring registrants to disclose material cybersecurity incidents in a current report on Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident.”
This is a game-changer that most companies are not prepared to comply with.
RiskOpsAI™, however, has a solution — an Integrated Risk Modeling & Reporting platform that provides companies with on-demand risk reporting, vulnerability assessments, dashboard analytics and other features that directly address the SEC’s objectives.
Effective Integrated Risk Modeling & Reporting enables companies to capture, analyze, customize, benchmark, and report risk data. With this intel-in-context, they can see the big picture, ensure their cybersecurity programs support the organization’s strategic objectives, set priorities thoughtfully, and create informed responses and remediation plans.
These capabilities will position companies to comply with the proposed SEC disclosure requirements, reassure key stakeholders, improve risk management outcomes, and gain an advantage over competitors. For more information on the RiskOpsAI™ solution, ™/cyber-security-risk-management/”>visit here. To request a demo, contact us here.