Industry evaluates impact of SEC cyber incident disclosure year one year later

Two industry reports provide insights into the first year of the Securities and Exchange Commission’s requirements for cyber incident disclosure from publicly traded companies, including details on the quality of the reports and compliance trends.

“The rules have presented new challenges for public companies over the past year in (1) determining which Cybersecurity Incidents are material, (2) when and how they need to be disclosed to the SEC on a Form 8-K and (3) what information should be reported,” according...