The SEC has announced that it is adopting rule amendments to improve and standardize disclosures for cybersecurity risk management, strategy, governance, and incidents by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. In particular, the SEC is adopting rules and rule amendments that will require current disclosure about material cybersecurity incidents.
The newly adopted amendments and rules concerning public company cybersecurity disclosures will:
- add Regulation S-K Item 106, requiring registrants to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects of risks from cybersecurity threats and previous cybersecurity incidents. Concerning Regulation S-K Item 106 and the comparable requirements in Form 20-F, registrants are required to provide these disclosures beginning with annual reports (10-K) for fiscal years ending on or after December 15, 2023.
- require all registrants (other than smaller reporting companies) to begin providing the disclosures in Form 8-K Item 1.05 and in Form 6-K 90 days after the date of publication in the Federal Register or December 18, 2023, whichever is later
- require all registrants, concerning structured data requirements, to tag disclosures required under the final rules in Inline eXtensible Business Reporting Language (Inline XBRL) beginning one year after initial compliance with the related disclosure requirement
- allow smaller reporting companies an additional 180 days; they must begin complying with Form 8-K Item 1.05 on the later of 270 days from the effective date of the rules or June 15, 2024.
The final rule will go into effect 30 days following its publication in the Federal Register.
For further details on the final rule, visit the SEC’s website.
Source:
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (sec.gov)