The SEC’s Cybersecurity Disclosure Rule: Understanding the Impact to Your Business

In July 2023, the SEC adopted an entirely new disclosure regime, which is now, in effect, requiring “covered entities” to rapidly disclose material cyber incidents, risks, and a wide range of corporate cybersecurity governance measures. Covered entities, which include public companies and foreign issuers, are scrambling to address key questions such as:

• What “material events” must be disclosed?
• How does the SEC expect companies to assess materiality under the new rules, and what does enforcement precedent tell us?
• How should incident response processes, as well as other applicable policies, procedures and controls, be revised?
• What will enforcement look like?
• How can companies best position themselves to utilize the available national security/public safety delay option?
• What can companies do proactively to validate their cybersecurity programs and disclosure mechanisms?

David Oliwenstein, Deborah Thoren-Peden and Brian Finch will join a panel of cybersecurity and SEC enforcement and disclosure advisors at Guidehouse to share insights on the above key questions and provide practical advice on how to comply with the SEC’s new requirements and place companies in the best position to mitigate enforcement risk.

For more information and to register, please visit the Guidehouse event page.