On July 26, 2023, the US Securities and Exchange Commission (SEC) adopted new rules imposing a four-day timeline for reporting cybersecurity incidents and requiring public companies to periodically disclose their cybersecurity risk management processes and governance. The SEC actions aim to protect investors from the negative economic impact of increasing cyberattacks.
IBM’s annual Cost of Data Breach Report finds that businesses spend $4.5 million every time they get hit by a data breach. The SEC’s new rules put the onus on companies to provide investors with information about how they manage cyber risks.
According to the SEC, periodic disclosures are due beginning with annual reports for fiscal years ending on or after December 15, 2023. Incident disclosures are due 90 days after the date the new rules are published in the Federal Register or December 18, 2023, whichever is later. “Smaller companies” as defined by the SEC have an additional 180 days to report a cyber incident.
To prepare for the new SEC rules, companies should ask themselves:
The most effective way of dealing with the SEC’s new rule is to prevent cybersecurity breaches from occurring in the first place. Traliant’s Data Privacy and Information Security training raises workforce awareness on how to safeguard customer and company information.