Cybersecurity Maturity Evaluation
Get your cybersecurity evaluated today
Is your firm regulated?
On July 26, 2023, the Securities and Exchange Commission (SEC) approved the new cybersecurity disclosure rules for public companies with significant modifications from the draft rules proposed in March 2022.
When the New Rules Will Be Effective
The final rules are effective 30 days after the publication of the rule in the Federal Register (which can take anywhere from three business days to a week or longer). The new incident reporting via Form 8-K or 6-K is scheduled to take effect on the later of 90 days from publication in the Federal Register or December 18, 2023. The updated disclosure requirements will apply to annual reports on Forms 10-K and 20-F for fiscal years ending on or after December 15, 2023. Smaller reporting companies have 270 days after the publication of the final rule in the Federal Register or until June 15, 2024, whichever is later, to comply.
What happens if I don't comply?
Failure to comply with the SEC rules can have a variety of effects on your business, ranging in severity from reputational damage to legal issues. We have listed a summary of these issues below. For the specific consequences related to the new cybersecurity disclosure rules adopted by the SEC, it is best to refer directly to the document or to official SEC sources.
Fines and Penalties
The SEC can impose fines and penalties on companies that fail to comply with its regulations. These fines can be substantial, depending on the severity and nature of the non-compliance.
Legal Action
The SEC may initiate legal actions against the company. This could include enforcement actions, which might lead to further legal proceedings.
Reputational Damage
Non-compliance with SEC regulations can lead to reputational damage. Investors and the public may lose trust in a company that fails to adhere to regulatory standards, which can have long-term negative effects on the company's business.
Audits and Increased Scrutiny
A company that fails to comply may be subjected to more rigorous audits and increased scrutiny from the SEC. This can lead to additional regulatory burdens and costs.
Remedial Actions
The company might be required to take specific remedial actions, such as improving their cybersecurity measures or making corrective disclosures.
Restrictions on Business Activities
In some cases, non-compliance can lead to restrictions on certain business activities until compliance is achieved.
Officers and Directors Liability
In certain cases, officers and directors of the company might also face personal liability for failing to ensure the company's compliance with SEC regulations.
What to Do Now
To prepare for these fourth quarter 2023 compliance dates, companies should review and update their cybersecurity policies and procedures and incident management protocols. Issuers should also consider enhanced incident response training to raise awareness of the disclosure timelines. Additionally, companies should discuss how they plan to determine the materiality of a cybersecurity incident.
Fear not! Expert help is at hand...
How we can help
CP Cyber offers a range of tools and support tailored to individual companies and their needs.
One-time service at $895, or an ongoing quarterly service for 1 year at $1,495
Cybersecurity maturity rating regarding the 5 main areas of NIST
Provide cybersecurity risk identification within your company
Prioritization roadmap to guide a company to its desired maturity level
Provide cybersecurity strategic direction and action items
For peace of mind...
Book your Cybersecurity Maturity Evaluation
Take comprehensive action to strengthen and mature your cybersecurity posture.