
Cybersecurity Maturity Evaluation

Get your cybersecurity evaluated today   

Is your firm regulated?

On July 26, 2023, the Securities and Exchange Commission (SEC) approved the new cybersecurity disclosure rules for public companies with significant modifications from the draft rules proposed in March 2022.


When the New Rules Will Be Effective

The final rules are effective 30 days after the publication of the rule in the Federal Register (which can be anywhere from three business days to a week or longer). The new incident reporting via Form 8-K or 6-K is scheduled to take effect the later of 90 days from publication in the Federal Register or December 18, 2023. The updated disclosure requirements will apply to annual reports on Forms 10-K and 20-F for fiscal years ending on or after December 15, 2023. Smaller reporting companies have 270 days after the publication of the final rule in the Federal Register or until June 15, 2024, whichever is later, to comply.

What happens if I don't comply?

Failure to comply with the SEC rules can have a variety of effects on your business, ranging in severity from reputational damage to legal issues. We have listed a summary of these issues below, but for the specific consequences related to the new cybersecurity disclosure rules adopted by the SEC, it is best to refer directly to the document or to official SEC sources.

 

Fines and Penalties

The SEC can impose fines and penalties on companies that fail to comply with its regulations. These fines can be substantial, depending on the severity and nature of the non-compliance.

The SEC may initiate legal actions against the company. This could include enforcement actions, which might lead to further legal proceedings.

Non-compliance with SEC regulations can lead to reputational damage. Investors and the public may lose trust in a company that fails to adhere to regulatory standards, which can have long-term negative effects on the company's business.

A company that fails to comply may be subjected to more rigorous audits and increased scrutiny from the SEC. This can lead to additional regulatory burdens and costs.

The company might be required to take specific remedial actions, such as improving their cybersecurity measures or making corrective disclosures.

In some cases, non-compliance can lead to restrictions on certain business activities until compliance is achieved.

In certain cases, officers and directors of the company might also face personal liability for failing to ensure the company's compliance with SEC regulations.


What to Do Now

To prepare for these fourth quarter 2023 compliance dates, companies should review and update their cybersecurity policies and procedures and incident management protocols. Issuers should also consider enhanced incident response training to raise awareness of the disclosure timelines. Additionally, companies should discuss how they plan to determine the materiality of a cybersecurity incident.

Fear not! Expert help is at hand...

How we can help

CP Cyber offers a range of tools and support tailored to individual companies and their needs.

One-time service @ $895, or receive an ongoing service each quarter for 1 year @ $1,495

Cybersecurity maturity rating regarding the 5 main areas of NIST

Provide cybersecurity risk identification within your company

Prioritization roadmap to guide a company to its desired maturity level

Provide cybersecurity strategic direction and action items

For peace of mind...

Book your Cybersecurity Maturity Evaluation

Take comprehensive action to strengthen and mature your cybersecurity posture.