Attendees at the 2024 AICPA & CIMA Conference on Current SEC and PCAOB Developments heard an insightful discussion about the SEC’s new cybersecurity disclosure rules, which took effect at the end of 2023. The panelists shared crucial data points, compliance issues and best practices.
>> Cybersecurity disclosure basics
The following broad categories of disclosures are required on Form 10-K and Form 20-F:
cybersecurity processes;
management’s role in cybersecurity governance; and
cybersecurity oversight by the board of directors.
Material cyber incidents are reported under new Item 1.05 of Form 8-K within four business days of determining an incident is material. This form is also used to provide new information about material aspects of previously reported incidents.
Learn more about the basics in our Defining Issues, SEC finalizes cybersecurity rules.