SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Get Ready

What’s in the SEC’s New Cybersecurity Rules?

The Securities & Exchange Commission’s new Regulation S-K Item 106, reported in Form 10-K, requires a description of the policies and procedures, if any, for identifying and managing cybersecurity threats, including, but not limited to: operational risk (i.e., disruption of business operations), intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy laws and other litigation and legal risk, and reputational risk.

These new cybersecurity rules will also require public companies to disclose the details of any cybersecurity incident they determine to be material under the new Item 1.05 of Form 8-K, within four days of determining materiality. Foreign private issuers are now also required to make comparable disclosures.

The SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure take effect in December 2023 and are making cybersecurity a board focus area like never before. Now is the time to assess your operational risk levels.

What Is Operational Risk?

"Operational risk refers to any situation which could cause a loss of view or loss of control to your connected processes and functions, where view and/or control cannot be recovered automatically or remotely from manipulation."

What Can Executives Do to Manage Operational Risk?

Managing operational risk requires embedding cyber resilience programs into your overall risk management strategy.

Security leaders often feel comfortable managing IT risk; however, a detailed understanding of operational technology (OT) devices and systems is required to provide the contextual information needed to mitigate, accept, or avoid operational risk.

Risk assessments are available to analyze this information at scale and to assess the implementation, or lack thereof, of key security controls across operations.

Leverage existing frameworks and best practices for risk management, such as the NIST Cybersecurity Framework and the IEC 62443 Standards, to ensure appropriate policies and procedures are in place.
Educate leadership on the differences between IT and OT, so you can empower your teams with the processes and technology to manage risk in these areas effectively.
Ensure that 100% of critical assets contributing to revenue are identified and secured, including OT systems, which require a unique approach to protection.
Standardize and scale operational risk management processes across the enterprise.

Nozomi Networks Provides the Foundational Visibility to Scale Operational Risk Management

Cybersecurity is an operational risk affecting the entire organization, not just IT. Our platform helps executives prioritize and mitigate operational risks inside their most critical assets across sites, regions and teams.

Create and Manage a Complete OT/IoT Asset Inventory

Our platform provides continuous visibility into every operational technology asset, its function and its risk levels.

Quickly Determine Where Your Operational Risk Lies

Nozomi Networks vulnerability analysis learns about your unique environment and provides a prioritized list of remediation steps, patches and upgrades.

Spot Malicious Activity Sooner

Nozomi Networks’ AI-powered monitoring quickly pinpoints the security threats and anomalies that matter most to help reduce impact severity and analyze root causes of incidents.


Take the next step.

Discover how easy it is to identify and respond to cyber threats by automating your IoT and OT asset discovery, inventory, and management.