Tag: cybersecurity disclosure rules

Corporate GovernanceSecurities

Corp Fin adds one more new CDI on Form 8-Ks for material cybersecurity incidents

A few days ago, Corp Fin issued three new CDIs relating to delays in reporting material cybersecurity incidents on Form 8-K. Those CDIs, together with the Department of Justice Material Cybersecurity Incident Delay Determinations, addressed questions related to the Attorney General’s determination—or not—that disclosure of the incident on Form 8-K would pose a substantial risk to national security or public safety. (See this PubCo post.) Yesterday afternoon, Corp Fin added a new CDI on a closely related topic—the impact of a DOJ consultation on a determination, for reporting purposes, about the materiality of the incident itself. As Corp Fin Director Erik Gerding observed in a speech yesterday on cybersecurity disclosure, the CDI was intended to ensure that companies are not deterred from consulting with the DOJ or other national security agencies. The new CDI can be found under the caption Exchange Act Forms, in Section 104B, Item 1.05 Material Cybersecurity Incidents.  A summary is below, but the CDI number is linked to the CDI on the SEC website, so you can easily read the version in full. 

/ December 15, 2023
Corporate GovernanceSecurities

Corp Fin issues new CDIs on delaying Form 8-Ks for material cybersecurity incidents

Corp Fin has just released some new CDIs, summarized below, relating to material cybersecurity incidents.  As you know, in July, the SEC voted, three to two, to adopt final rules on cybersecurity disclosure, which includes a requirement for material  incident reporting on Forms 8-K and 6-K.  Compliance with the 8-K and 6-K incident disclosure requirements will be required for all companies other than smaller reporting companies beginning on December 18, 2023. SRCs will have an additional 180 days deferral. (See this PubCo post.) The new CDIs can all be found under the caption Exchange Act Forms, in a new Section 104B, Item 1.05 Material Cybersecurity Incidents.  Summaries are below, but each CDI number is linked to the CDI on the SEC website, so you can easily read the version in full. 

/ December 14, 2023
Corporate GovernanceSecurities

Compliance dates for SEC cybersecurity disclosure rules

As you know, the SEC adopted final rules on cybersecurity disclosure on July 26, with compliance dates tied to publication in the Federal Register. (See this PubCo post.) Those rules were published on August 4 with compliance dates spelled out in the published release.  

/ August 7, 2023