New SEC Cybersecurity Disclosure Requirements: Does Your Company Have a Disclosure Plan?

On July 26, 2023, the SEC adopted new cybersecurity disclosure rules that all publicly traded companies must address in their upcoming annual reports, beginning with filers whose fiscal year ends on December 18th or later. This means that for all 12/31 year-end companies, the new Cybersecurity Risk Management, Strategy, Governance, and Incident Response Disclosure Rules must be addressed and disclosed in the upcoming 10-K.

The updated requirements are exceedingly stringent, but at a high level, these new mandates set strict guidelines for:

  • Maintaining a comprehensive cyber risk management program and processes to identify, manage, and reduce cyber risk exposure
  • Governance of cyber risk management, including leadership oversight, monitoring, and accountability for cyber risk management programs
  • Disclosure of material cybersecurity incidents four business days after being deemed material

Why Is This Important?

The successful implementation and maintenance of the items highlighted above reduces risk exposure, provides a roadmap of the different risk areas that impact your organization, and establishes critical categorization and management processes for risk mitigation. Having a detailed inventory of applicable risks and how to respond will allow organizations to proactively monitor and manage the threat landscape, help comply with regulatory requirements, and provide investors clearer visibility into the cyber risk management practices that help protect the company and prevent future financial losses.

How Is Your Company Preparing for the New Disclosure Requirements?

As 10-K filing deadlines draw closer and closer, it’s crucial that each company has a plan for developing the new Cybersecurity Risk Management, Strategy, and Governance Disclosure in S-K Item 106, as required. Keep in mind this can’t be the same ‘rinse & repeat’ approach that may be used for other established and unchanged disclosure requirements. Preparers must develop risk management descriptions that address each of the newly required disclosure points of focus. For companies that don’t have a centralized disclosure preparation process or that lack expertise regarding the new cyber requirements, waiting until the last minute to address the requirements and assemble the disclosure is ill-advised. Each company should plan in advance how it will comply and who will be responsible for developing the disclosure. Whether it’s internal teams or through the use of outside consultants, having a plan may be the difference between successful or unsuccessful disclosure compliance.

How Centri Can Help

Centri has been following the SEC rollout of these requirements closely. We have performed extensive research and training and are well-prepared to guide your organization through this transition. Our team has the expertise needed not only to help your organization reach compliance but also to craft a personalized disclosure template to be enclosed with your 10-K filing.

Our tailored approach will take you through the necessary steps to ensure the successful and timely implementation of these requirements and help develop the new disclosures required for filing as efficiently as possible, with minimal disruption to your daily business needs.

At Centri, our IT risk and cybersecurity advisory and SEC compliance and financial reporting services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Our advisory experts work alongside your senior leadership to help understand your current needs and align them with the right solutions. Please contact us for more information or to explore how our expertise in cybersecurity risk management and SEC compliance aligns with the specific needs of your company.

Rich Sowalsky

Managing Director | IT Risk & Cybersecurity Practice Leader | CISA

Rich is a Managing Director at Centri Business Consulting and the leader of the firm’s IT Risk & Cybersecurity Practice. He has more than 14 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting.

Karyn DiMassa

Managing Director | CPA, PMP, CISA, CFE

Karyn is a Managing Director in the IT Risk & Cybersecurity Practice at Centri Business Consulting. She has more than 13 years of combined experience in internal IT audit and external audit support (IT controls), third-party assurance (SOC 1 and SOC 2 reporting), internal controls consulting, project management, IT risk and cybersecurity, and system implementation support.

Kevin Zeina

Senior Manager | CPA

Kevin is a Senior Manager at Centri Business Consulting within the Risk Advisory Practice. He has more than 13 years of experience in internal audit, SOX testing, and risk advisory services.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
