July 26, 2023 marked a watershed moment for the corporate world as the Securities and Exchange Commission (SEC) unveiled its groundbreaking Final Rule on “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.” This new policy represents a significant response to the escalating cyber threats that permeate today’s digital landscape. It sets out to address these threats by establishing a framework that enables better control of cyber risk, particularly for publicly traded companies referred to as “registrants.” The rule also mandates the adoption of evolving cybersecurity standards.

Convergint, a leader in cybersecurity solutions, both recognizes and addresses the specific challenges this rule presents to corporations that operate in the US. At the same time, Convergint appreciates the intended outcomes of the rule and the advantages of a more collaborative partnership between the federal government and the private sector specific to cyber threat counteroffensives.

The SEC’s new rules at a glance

The SEC has introduced groundbreaking regulations, marking a pivotal moment in cybersecurity management for public companies. These rules mandate:
  • Disclosure of material cybersecurity incidents: Public companies (registrants) must promptly disclose significant cybersecurity incidents, providing detailed information about the incident’s nature, scope, timing, and material impact. These disclosures are filed on EDGAR, the SEC’s publicly accessible filing platform, which ensures transparency and compliance with regulatory requirements.

  • Timely disclosure: Registrants must use a new item, Item 1.05 of Form 8-K, to disclose incidents within four business days of determining their materiality. However, national security or public safety concerns, as determined by the U.S. Attorney General, may allow for disclosure delays.

  • Annual reporting requirements: Registrants must describe their processes for identifying, assessing, and managing cybersecurity risks, including the oversight of these risks by the board of directors and management’s role. These disclosures are included in the annual report on Form 10-K.

  • Foreign private issuers: Foreign private issuers are also subject to similar disclosure requirements, reporting material cybersecurity incidents on Form 6-K and cybersecurity risk management, strategy, and governance on Form 20-F.

  • Effective dates: The new rules become effective 30 days after publication in the Federal Register. Compliance deadlines vary and include disclosures due for fiscal years ending on or after December 15, 2023.

  • Structured data requirements: Registrants must use Inline XBRL to tag disclosures under these rules, starting one year after initially complying with the related disclosure requirement.

Positive outcomes

Compliance with new rules may be challenging, but benefits include:

  • Enhanced transparency: The rule seeks to foster a culture of transparency and accountability among registrants regarding cybersecurity incidents, ensuring that investors have access to critical information for their decision-making processes. 

  • Improved risk management: By compelling registrants to promptly disclose material incidents, the rule encourages the adoption of superior cybersecurity risk management practices, thereby strengthening their cyber defenses. 

  • Support for national security: The provision allowing reporting delays based on national security grounds strikes a delicate balance, ensuring sensitive information remains safeguarded without compromising security and transparency imperatives. 

Convergint’s cybersecurity capabilities

Convergint’s specialized solutions enhance cybersecurity strategies, providing cost-effective and robust cyber defenses customized to the unique needs of organizations across various industries.

  • Securing security systems: Convergint delivers comprehensive and scalable cybersecurity solutions tailored to clients’ specific needs, ensuring continuous protection of systems.

  • Securing surveillance systems from cyber threats: Modern surveillance systems, integrated with IT infrastructure, pose cyber threats to organizations, requiring robust, comprehensive solutions to safeguard operations while maintaining efficiency.

  • Enhancing organizations’ cybersecurity defenses: Organizations benefit from Convergint’s culture of service, expert colleagues, tailored solutions, global consistency, innovation, and strategic alliances for exceptional security and business support.

Contact us

Convergint’s specialized strategic team serves as the central hub for addressing security standards, specifications, and global expectations. An extensive global presence enables the delivery of personalized solutions that cater to the unique requirements of businesses in rapidly evolving local markets. Contact a Convergint cybersecurity expert for a review of your organization’s cybersecurity posture.