Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines

The U.S. Securities and Exchange Commission’s new rules around disclosure of cybersecurity incidents go into effect on Dec. 15 for public companies with fiscal years starting on or after that date.

Now, those organizations are asking what they need to alter or enhance about their disclosure procedures, incident response and existing cyber capabilities.

“Ultimately what’s changing is the orchestration between cyber and IT and the disclosure committee and the folks that do the disclosure,” Adib said.

A material incident in securities law is generally considered an incident in which “There is a substantial likelihood that a reasonable shareholder would consider it important,” according to three legal cases cited by the SEC. Must-read security coverage Best SIEM Tools and Software for 2023 Atlas VPN Review: Features, Pricing, Alternatives Australia, New Zealand Enterprises Spend Big on Security – But Will It Be Enough? Quick Glossary: Cybersecurity Attacks.

Organizations need to build processes to get people from different stakeholder groups – cyber, IT, finance, legal – together on a disclosure committee to discuss a potential incident.

The purpose of the rules is to inform investors of the incident’s possible impact to “Benefit investors, companies and the markets connecting them,” said SEC Chair Gary Gensler in a press release posted on July 26, 2023.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

This field is for validation purposes and should be left unchanged.


Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)

This site is registered on as a development site. Switch to a production site key to remove this banner.