Determining Cyber Materiality in a Post-SEC Cyber Rule WorldFreund, JackJorion, NatalieISSA Journal
The SEC does not provide a one-size-fits-all formula and it is up to each organization to create the required definition and documentation to support materiality. 3. Material Cybersecurity Incident Disclosure: Public companies must disclose material incidents within four business days, focusing on ...
A cybersecurity incident that a company determines to have had a material impact, or that is reasonably likely to result in a material impact, must disclose it on a Form 8-K within four business days after the company makes a materiality determination, even if the resolution or apparent re...
Materiality in SEC Cyber Regulations Rich: We don't really have much right now. If we could just get to good, our corporate environments would be that much better. And I think there's a lot of criticism around the rule because it's not perfect. And I think my view is I'm just hap...
Mr. Gerding stated also that information technology practitioners would benefit from the insight of accountants, particularly with respect to materiality. [Paragraph added December 19, 2023] The materiality of the impact of a cybersecurity incident to a registrant does not depend on whether the ...
If a company chooses to disclose a cybersecurity incident for which it has not yet made a materiality determination, or a cybersecurity incident that the company determined was not material, the Division of Corporation Finance encourages the company to disclose that cybersecurity incident under a ...
mitigation regulations, and economic and market trends. Many investors have asked for more disclosure requirements and oversight since 2010. However, others have asserted that extensive disclosures impose unreasonable burdens on companies or seek information that does not clear the SEC’s materiality ...
” Gensler said that, although he was aware of the political ebb and flow, he would be grounded in the economic side together with the courts’ definition of materiality as based on the type of information reasonable investors want among the total mix to make voting and investment decisions. ...
audit matters (CAMs); Brexit; implementation of, and continued focus on, the application of the FASB’s new standards on revenue recognition, leases, and credit losses (the “new GAAP standards”); the potential transition away from the London Interbank Offered Rate (...
Let’s concentrate, for a moment, on the “materiality” of the impact. How would an organization know if a cyber event constituted a material impact? One could use adefinitionby the U.S. Securities and Exchange Commission, which is a time-tested and familiar materiality standard used for ...