SEC Adopts New Rules For Cybersecurity Incidents

Published On: July 31st, 2023Categories: Business Technology, Cyber Security, Individual, Small Business, Tech Tips

On July 26, 2023, the SEC (U.S. Securities and Exchange Commission) approved new rules regarding cybersecurity risk management, strategy, governance, and incident disclosure by public companies.

The new rule requires publicly traded companies to provide details of a cyber incidents within four business days of identifying the breach. Four days may seem a bit aggressive, but some countries have much stricter guidelines. For example, India has a six-hour breach notification rule.

The SEC also added Regulation S-K Item 106, which requires public companies to disclose information regarding their cybersecurity risk management, strategy, and governance annually in the registrant’s Form 10-K.

If you do not have a well-documented incident response and communication plan, now is the time to begin working on one! Our IT specialists can assist you in complying with these new regulations. You can find more information on the new rules at

Share This Story, Choose Your Platform!

About the Author: Eric Vicencio

Eric began his career in healthcare, and he has been working in the IT field since 2006 when he graduated from Northern Illinois University. Eric specializes in Infrastructure, SQL and compliance: Licensing, HIPAA, GLBA and PCI.