The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new guidelines went into effect on December 18, 2023, which means 2024 will be an important year for enterprises and how they adhere to current security regulations. Establishing a reporting infrastructure that sheds light on what, how, and when security incidents are disclosed is important for the industry at large and is a huge step toward having cybersecurity seen as a business-wide issue.

Source: Help Net Security