SEC Cybersecurity Disclosure Readiness and Remediation


Let Optiv experts help you prepare for cybersecurity incident disclosure and proactive risk management.


SEC Approves New Cybersecurity Disclosure Ruleset

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) approved a cybersecurity disclosure ruleset. To improve transparency for shareholders, the SEC requires publicly traded companies to comply with new rules focused on cybersecurity risk management, strategy, governance and incident disclosure.


Business leaders need to strategize on how to determine incident materiality and prepare for fiscal year reporting. Optiv provides actionable solutions to address the immediate disclosure requirements while strengthening cybersecurity posture.


Jump to Readiness and Remediation Services

SEC Requirements for Cybersecurity Disclosure


The SEC cybersecurity disclosure ruleset mandates that publicly traded companies must disclose accurate and timely information regarding cybersecurity risks and incidents that could have a material impact on investors. This includes disclosing risks related to data theft, system failures, network outages.
Following the implementation of the SEC cybersecurity final rule in December 2023, the following SEC cybersecurity reporting requirements and forms:
Disclosures addressing risk management, strategy and governance:


  • Form S-K Item 106
  • Foreign Private Issuers (FPI): Form 20-F


In the case of an incident:


  • Form 8-K Item 1.05
  • Foreign Private Issuers (FPI) Form 6-5


Optiv subject-matter experts have broken down the requirements that all organizations should focus on to ensure SEC compliance. Review the highlights to see if your business is prepared.

Risk Management and Strategy
  • Processes for identifying and managing all material cybersecurity risks, including risks associated with third-party service vendors
  • Understanding of the third-party stakeholders engaged with your processes, including consultants and auditors

Key SEC workstreams to assess and mature.


SEC Cybersecurity Disclosure Services


Optiv’s SEC Disclosure Readiness services are designed for the rapid identification of ruleset compliance gaps and the prioritization of actionable steps to remain compliant for subsequent years. We leverage our leading cybersecurity expertise and adaptable program methodology to proactively partner with you to address key disclosure focal points, including cybersecurity risk management, strategy, governance, incident disclosure and reporting, metrics and cyber education.
Depending on your business needs and security program maturity, Optiv SEC-focused readiness, remediation and related service offerings will help you prepare and remain compliant with our SEC cybersecurity guidance. Learn more about these services below.

Get Up to Speed



Ensure Compliance: SEC Cybersecurity Disclosure Ruleset
Optiv's SVP, Associate General Council, Jacquelyn Wayne, shares her tips on how your organization can ensure compliance with the SEC cybersecurity disclosure ruleset.

Watch Now



Public Real Estate Company Gets SEC Ready
Optiv helped a public real estate company achieve SEC compliance readiness and created a thorough security program enhancement roadmap.




Time Is of the Essence With SEC’s Approved Cybersecurity Disclosure Rules


Read an Optiv legal expert’s insights on the SEC disclosure ruleset.


Read Blog



Are You SEC Ready? What You Need to Know about Cyber Disclosure Rules


Watch Optiv leaders explain the significance of determining materiality, board impacts and third-party cyber risks.


Watch Now



SEC Disclosure Readiness Guide
Determine your organization's SEC readiness with Optiv's guide that leverages industry-recognized frameworks to assess company maturity.




Optiv's SEC Cyber Disclosure Rule Placemat


The new SEC Cybersecurity Disclosure Rules summarized. Optiv experts have created a placemat outlining the key information to be prepared.



Be Prepared


With Optiv’s guidance, gain the reassurance that your organization can confidently demonstrate a rapid, repeatable incident response and disclosure process to the SEC and your investors. Plus, enhance your cybersecurity posture, reporting, metrics and educational efforts so that you can develop proactive, sustainable response and remediation plans.