Strengthening cyber resilience: Strategies to address new SEC mandates

ARTICLE | December 12, 2023

Authored by RSM US LLP

The increasing frequency and sophistication of cyberattacks have made businesses more vulnerable in today’s digital world. Organizations must have an effective response plan in place to tackle this issue. The U.S. Securities and Exchange Commission (SEC) has mandated that public companies implement such strategies to ensure timely and effective disclosure of security breaches to safeguard investors and stakeholders. In this article, we’ll explore the significance of cyber incident response plans, their impact on businesses and how managed security services can help enhance cyber resilience.

The SEC's new cybersecurity incident disclosure rules

Publicly traded companies are now required by the SEC to disclose any material impact that security breaches may have on their operations within four business days. The Form 8-K requirement is triggered on the date the event is determined to be material, not on the date of the event itself. This rule aims to increase transparency and provide investors with timely and accurate information about potential risks.

Additionally, companies must regularly provide information on their risk management processes as well as regular updates on the status of events previously reported on Form 8-K to demonstrate their commitment to cybersecurity and ensure that they are adequately prepared to handle any cyberthreats that may arise.

The benefits of cyber incident response plans

A comprehensive cyber incident response plan offers several benefits to organizations. Firstly, it ensures a structured and coordinated approach to handling security breaches, minimizing response times and reducing the potential for further damage. A well-prepared response plan enables businesses to quickly assess the nature and extent of an incident, mitigate its impact and initiate the necessary remediation measures.

Secondly, cyber incident response plans facilitate effective communication both internally and externally. By clearly defining roles, responsibilities and communication channels, organizations can ensure that relevant stakeholders are promptly informed about the incident and its implications. This transparency helps build trust and confidence among investors, customers and partners, mitigating potential reputational damage.

Incident response mandates for cyber insurance policies

In addition to SEC mandates, many organizations now require robust incident response plans to renew their cyber insurance policies. Insurers want to ensure that policyholders are well-prepared to handle security breaches effectively. Having a comprehensive plan in place not only demonstrates a commitment to cybersecurity but also enhances an organization's eligibility for favorable insurance terms.

Challenges for organizations

While the SEC's cybersecurity incident disclosure rules aim to improve transparency and accountability, implementing effective cyber incident response plans can pose challenges for organizations. One key challenge is the rapid evolution of cyberthreats. Cybercriminals continuously adapt their tactics, making it crucial for organizations to stay updated on emerging threats and vulnerabilities.

A plan for compliance

Establishing an effective plan is where RSM's experience can come into play. By delivering effective managed security services solutions, offering managed security operations and incident response development and assessment services, our team of advisors can develop and maintain robust cyber incident response plans for your organization.

With RSM Defense Managed XDR, your organization can benefit from advanced threat intelligence and on-premise and cloud monitoring solutions with 24/7/365 security operations coverage.

We assist organizations with the following:

  • Developing a cross-functional incident response team
  • Crafting comprehensive incident response plans tailored to various scenarios
  • Conducting regular training sessions and simulated drills
  • Implementing advanced threat intelligence and monitoring solutions
  • Collaborating with third-party cybersecurity resources
  • Providing continuous review and updates to the incident response plan
  • Meeting regulatory requirements and responding promptly and effectively if an incident occurs
  • Ensuring compliance with SEC requirements and meeting the requirements of cyber insurance carriers


The SEC's new cybersecurity incident disclosure rules emphasize the importance of effective cyber incident response plans. By promptly disclosing security breaches and demonstrating a commitment to cybersecurity risk management, organizations can enhance transparency, protect stakeholders and mitigate potential damages. Implementing a comprehensive incident response plan, following best practices and leveraging external support, such as RSM’s service offerings, are key steps to achieving compliance and strengthening cybersecurity resilience.

This article was written by RSM US LLP and originally appeared on 2023-12-12.
2022 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

Vasquez & Company LLP is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.

For more information on how Vasquez & Company LLP can assist you, please call +1 213.873.1700.
