< back to insights gallery

SEC proposes rules regarding cybersecurity-related disclosures

ARTICLE | March 10, 2022 | Authored by RSM US LLP

On March 9, 2022, the SEC released proposed rule amendments regarding various required cybersecurity-related disclosures. Among other stipulations, the proposed amendments would require:

  • Current reporting about material cybersecurity incidents on Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident. The SEC would not expect a registrant to publicly disclose specific, technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impeded the registrant’s response or remediation of the incident. However, to the extent the information is known at the time of the Form 8-K filing, the disclosure should include:
    • When the incident was discovered and whether it is ongoing
    • A brief description of the nature and scope of the incident
    • Whether any data was stolen, altered, accessed or used for any other unauthorized purpose
    • The effect of the incident on the registrant’s operations
    • Whether the registrant has remediated or is currently remediating the incident
  • Periodic reporting on Form 10-Q and Form 10-K to provide updated disclosure about previously reported cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate
  • Annual reporting in Form 10-K to provide disclosure about:
    • The registrant’s policies and procedures, if any, for the identification and management of risks from cybersecurity threats, including, among other matters, whether the registrant considers cybersecurity as part of its business strategy, financial planning and capital allocation
    • The registrant’s cybersecurity governance, including the board of directors’ oversight role regarding cybersecurity risks
    • Management’s role, and relevant expertise, in assessing and managing cybersecurity-related risks and implementing related policies, procedures and strategies
  • Annual reporting or proxy disclosure about the board of directors’ cybersecurity expertise, if any, including the name(s) of any such director(s) and any detail necessary to fully describe the nature of the expertise
  • The cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language

Let’s Talk!

Call us at (541) 773-6633 (Oregon), (208) 373-7890 (Idaho) or fill out the form below and we’ll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

This article was written by RSM US LLP and originally appeared on Mar 10, 2022.
2022 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

KDP is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how KDP LLP can assist you, please call us at:

Oregon Office:
(541) 773-6633

Idaho Office:
(208) 373-7890