SEC Disclosure (Item 1.05 Form 8-K)

compliance

Tags:

Type

1st-Party

Key Roles

Chief Risk Officer, CFO, VP Cyber, CISO, CEO, Risk Manager

Key Feature Aspects:

fair, scalable, easy, enterprise risk management, GRC

About this Use Case

 LIVING DOCUMENT

Progress Updated Periodically

The Securities and Exchange Commission adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.

Success Summary

Why BreachRisk™ is a good fit

Out of the box, BreachRisk delivers cyber risk insights in the language of enterprise risk management. Organizations can adopt BreachRisk and benefit from using a similar risk management lexicon to institute mature programs around this requirement.

Barriers or misconceptions

We are still discovering barriers here. At present, the only barrier appears to be unawareness that BreachRisk can help.

Key outcomes

Without skipping a beat, organizations remain SEC compliant, avoid breaches, and therefore avoid the need to file Form 8-K. Boards are supported with risk management and monitoring services.

Discussion

In July 2023, the SEC announced new cyber risk management and incident disclosure rules.


SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies

https://www.sec.gov/news/press-release/2023-139


As of December 2023, applicable companies are required to comply with the new rule.


  • File Form 8-K and Form 6-K (for foreign issuers) within four days of a material incident. This means security teams must be able to detect incidents, investigate fast, and provide detailed reports.

  • Periodically disclose cybersecurity risk management, strategy, and governance in annual reports on Form 10-K and Form 20-F (for foreign issuers).

  • Describe the company's board oversight of cybersecurity risk, including management's role and expertise. Companies will aim to form board committees and appoint cybersecurity experts to their board. 


How BreachRisk can help

Some customers leverage the BreachRisk service to:

  • Enable company boards to exercise oversight over cybersecurity risk.

  • Bolster management's expertise.

  • Support board committees.

  • Support cybersecurity experts appointed to boards.

  • Be a critical part of cyber risk management and strategy processes, including metrics and other KPIs of such programs.

  • Prevent breaches by being able to predict them before compromise, thereby avoiding the filing of Form 8-K/6-K.


Next Steps

This use case is evolving as the SEC rule rolls out to applicable organizations, and as organizations coalesce around a standard of care that will prove to be successful.


If this SEC rule applies to you, please Contact Us for more information on how we can help.

