This report analyzes cyber-related disclosure risks and opportunities based on a review of Securities and Exchange Commission (SEC) comment letters.

The SEC’s latest cybersecurity rules issued July 2023 – Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies – generally go into effect for disclosures filed beginning the first quarter of 2024. This report takes an early look at the new disclosures filed year-to-date in 2024 as well as reviewing all cyber-related comment letters issued from January 2023.

Using our MyLogIQ CompanyIQ SEC Comment Letters database, we found that, among other things:

• There are 16 themes in cyber-related comment letters released from January 2023-June 2024. These themes identify potential guidance for cyber and cybersecurity disclosures.
• Possible cyber-attacks or cyber interference by foreign actors, such as China and Russia, were the top concern among the cyber-related comment letters in the study period.
• Ensuring that risk factor disclosures are thorough and not generic should also be a top priority for companies.
• A clear and detailed description of the role of the company’s board in overseeing cybersecurity risk needs to be included in all relevant SEC filings.

Read more by accessing the report below.