As of December 2023, new Securities and Exchange Commission regulations about disclosing cybersecurity incidents are in effect. Your company therefore needs to know about the changes and how to adhere to the new rules.

In 2022, the Securities and Exchange Commission (SEC) adopted final rules requiring “registrants” to disclose “material” cybersecurity incidents. A material incident means unauthorized access to personal information is possible. A registrant is any company that files documents with the SEC.

Overview of New Rules About Public Company Cybersecurity 

The hope behind these new regulations is that they will yield consistent, comparable, and informative results. Disclosures allow investors to assess registrants’ susceptibility to significant cybersecurity incidents and companies’ capacity to identify and mitigate these risks effectively. 

Registrants must disclose any “material” incident on Form 8-K Item 1.05, generally within four days of discovery. However, the disclosure may be delayed if the U.S. Attorney General deems immediate disclosure a threat to national security or public safety and notifies the Commission accordingly. In such cases, the Commission may consider additional requests for delay. 

Companies must also provide yearly disclosures that include a summarized account of significant cybersecurity incidents, an explanation of their general cybersecurity procedures, and a description of the management and board’s oversight. Additionally, they must confirm their ability to ensure accurate cybersecurity reporting and readiness.

Why Adhering to SEC Regulations is Key

Adhering to all SEC regulations is vital for your business, team members, and clients. While the implementation might have some intricacies, organizations should not be concerned. The benefits of fixing the current dysfunctional state outweigh the challenges of making necessary corrections.

Companies must review their IT asset management (ITAM) and IT asset disposition (ITAD) processes in light of these new regulations. ITAM and ITAD both require proper oversight to ensure data security.

ITAM is a framework for governing and operating an organization's IT assets, made up of a set of best practices and processes for managing them. ITAD is the practice of deciding how and where to dispose of IT hardware, whether that means refurbishing or safely recycling it.

Improperly aligned strategies can lead to:

  • Compromised data security
  • Incorrect regulatory compliance
  • Lost data
  • Costly legal battles

These outcomes can harm your business, team members, and customers. Aligning your ITAD and ITAM strategies is vital to the health of your business. 

Learn More About Staying SEC-compliant 

NCS Global can help ensure you have all the information and tools needed to comply with all regulatory frameworks while boosting your profits and reducing your negative environmental impact. Ready to learn more? Contact NCS Global today to receive expert guidance on how to stay SEC-compliant in all your IT-related activities.