SEC proposes rules regarding cybersecurity-related disclosures
ARTICLE | March 10, 2022
Authored by RSM US LLP
On March 9, 2022, the SEC released proposed rule amendments regarding various required cybersecurity-related disclosures. Among other stipulations, the proposed amendments would require:
- Current reporting about material cybersecurity incidents on Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident. The SEC would not expect a registrant to publicly disclose specific, technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impeded the registrant’s response or remediation of the incident. However, to the extent the information is known at the time of the Form 8-K filing, the disclosure should include:
- When the incident was discovered and whether it is ongoing
- A brief description of the nature and scope of the incident
- Whether any data was stolen, altered, accessed or used for any other unauthorized purpose
- The effect of the incident on the registrant’s operations
- Whether the registrant has remediated or is currently remediating the incident
- Periodic reporting on Form 10-Q and Form 10-K to provide updated disclosure about previously reported cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate
- Annual reporting in Form 10-K to provide disclosure about:
- The registrant’s policies and procedures, if any, for the identification and management of risks from cybersecurity threats, including, among other matters, whether the registrant considers cybersecurity as part of its business strategy, financial planning and capital allocation
- The registrant’s cybersecurity governance, including the board of directors' oversight role regarding cybersecurity risks
- Management’s role, and relevant expertise, in assessing and managing cybersecurity-related risks and implementing related policies, procedures and strategies
- Annual reporting or proxy disclosure about the board of directors’ cybersecurity expertise, if any, including the name(s) of any such director(s) and any detail necessary to fully describe the nature of the expertise
- The cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language
Call us at (509) 663-1131 or fill out the form below and we'll contact you to discuss your specific situation.
This article was written by RSM US LLP and originally appeared on 2022-03-10.
2022 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Homchick Smith & Associates, PLLC is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.
For more information on how Homchick Smith & Associates can assist you, please call (509) 663-1131.