SEC Cybersecurity Disclosure Readiness and Remediation


Let Optiv experts help you prepare for cybersecurity incident disclosure and proactive risk management.



On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) approved a cybersecurity disclosure ruleset. To improve transparency for shareholders, the SEC requires publicly traded companies to comply with new rules focused on cybersecurity risk management, strategy, governance and incident disclosure.


Business leaders need to strategize on how to determine incident materiality and prepare for fiscal year reporting on or after mid-December 2023. Optiv provides actionable solutions to address the immediate disclosure requirements while strengthening cybersecurity posture.


Jump to Readiness and Remediation Services



With the SEC’s adoption of the new ruleset, publicly traded companies of all sizes are now in a race to comply ahead of the looming deadlines. Form 10-K disclosures will be due beginning with annual reports for fiscal years ending on or after December 15, 2023. In the case of incident disclosure, or Form 8-K, the rules will become effective on December 18, 2023. Smaller reporting companies will have up to an additional 180 days to comply with the material incident disclosure requirements.


Optiv subject-matter experts have broken down the requirements that all organizations should focus on to ensure SEC compliance. Review the highlights to see if your business is prepared.

Risk Management and Strategy
  • Processes for identifying and managing all material cybersecurity risks, including risks associated with third-party service vendors
  • Understanding of the third-party stakeholders engaged with your processes, including consultants and auditors

To help break down the SEC requirements and the cybersecurity programs that they impact, Optiv experts have determined the following key workstreams to assess and mature.




Optiv’s SEC Disclosure Readiness services are designed for the rapid identification of ruleset compliance gaps and the prioritization of actionable steps to remain compliant for subsequent years. We leverage our leading cybersecurity expertise and adaptable program methodology to proactively partner with you to address key disclosure focal points, including cybersecurity governance, risk management, incident reporting, metrics and cyber education. 


Depending on your business needs and security program maturity, Optiv SEC-focused readiness, remediation and related services offerings will help you prepare and remain compliant. Learn more about these services below.

Get Up to Speed



Ensure Compliance: SEC Cybersecurity Disclosure Ruleset
Optiv's SVP, Associate General Council, Jacquelyn Wayne, shares her tips on how your organization can ensure compliance with the SEC cybersecurity disclosure ruleset.

Watch Now



Public Real Estate Company Gets SEC Ready
Optiv helped a public real estate company achieve SEC compliance readiness and created a thorough security program enhancement roadmap.




Time Is of the Essence With SEC’s Approved Cybersecurity Disclosure Rules


Read an Optiv legal expert’s insights on the SEC disclosure ruleset.


Read Blog



Are You SEC Ready? What You Need to Know about Cyber Disclosure Rules


Watch Optiv leaders explain the significance of determining materiality, board impacts and third-party cyber risks.


Watch Now



SEC Disclosure Readiness Guide
Determine your organization's SEC readiness with Optiv's guide that leverages industry-recognized frameworks to assess company maturity.




Optiv's SEC Cyber Disclosure Rule Placemat


The new SEC Cybersecurity Disclosure Rules summarized. Optiv experts have created a placemat outlining the key information to be prepared.



Be Prepared


With Optiv’s guidance, gain the reassurance that your organization can confidently demonstrate a rapid, repeatable incident response and disclosure process to the SEC and your investors. Plus, enhance your cybersecurity posture, reporting, metrics and educational efforts so that you can develop proactive, sustainable response and remediation plans.