SEC final rule introduces digital cybersecurity reporting

Posted on September 8, 2023 by Editor

The US Securities and Exchange Commission (SEC) has published its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by public companies. This will require companies to make annual disclosures on cybersecurity risk management, strategy, and governance, as well as additional disclosures following any material cybersecurity incidents, using Inline XBRL.

By introducing standardised, structured data the SEC seeks to “make the disclosures more accessible to investors and other market participants and facilitate more efficient analysis.” Proposal commenters largely welcomed the potential for automated extraction and analysis. To ease implementation, and alleviate any additional reporting burden, the SEC has built in staggered compliance dates for Inline XBRL reporting, each applying one year after the initial disclosure mandate.

This rule has proved controversial, with some questioning the appropriateness of increased transparency in an arena with potential business sensitivities, as well as the time pressures around incident disclosures. Our view, however, is that here – as so often – sunshine is the best disinfectant. These are increasingly important areas of risk where stakeholders require high-quality information.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

Read more in the SEC’s announcementfact sheet, and the final rule itself.

Other Posts


Would you like
to learn more?

Join our Newsletter mailing list to
stay plugged in to the latest
information about XBRL around the world.

By clicking submit you agree to the XBRL International privacy policy which can be found at xbrl.org/privacy