Prepare for investor scrutiny and enhance your cybersecurity capabilities to get ahead of the new SEC disclosure rules.

The SEC’s new Public Company Cybersecurity Disclosures Rule has gone into effect, requiring all publicly held companies (registrants) to enhance and standardize disclosure regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents.

We’ll sit down with your team, understand where you are today from a cyber posture standpoint, and develop a SEC-aligned roadmap to position you for compliance.

Public companies must report on the required proficiencies below:

Cyber Risk Management and Strategy
  • A cyber risk management program is established and maintained
  • An enterprise cyber risk assessment is conducted, at least once annually
  • Cybersecurity policies and standards are implemented and maintained
  • Monitoring and reporting of cyber resilience and posture occurs on a regular basis
Cyber Governance
  • Addressing cyber risk as a requisite function in financial planning and strategic and capital allocation decision-making
  • Board and management governance includes regular updates, continuous learning, incorporates decision-making to be disclosed in regulatory findings
  • Security leadership designated with appropriate level of expertise
Cyber Incident Disclosure
  • The organization can discover cybersecurity events in a timely manner
  • Incident/crisis response team is prepared to respond and is proficient with tooling
  • A process to determine incident materiality is established and well-understood by stakeholders
  • An incident register is maintained, and finance team is practiced for 4-day and periodic reporting requirement

Layer 8 Security SEC Cyber Advisory
Services Include:

  • Virtual CISO
  • Security Strategy Workshop
  • Information Security Risk Assessment
  • Security Engineering and Cyber Awareness Training
  • Cyber and Third-Party Risk Management Programs
  • Incident Response Planning and Readiness
  • Asset Management and Discovery
  • Vulnerability Management and Attack Surface Testing

Talk with our award-winning team