New cybersecurity disclosure rules from the Securities and Exchange Commission will require accountants to work with their clients to ensure they'll be ready for its implementation, whether that means simply reassessing current protocols or building out an entire security infrastructure.
The new rules, approved late last month, expand what entities are required to report regarding their IT security. In general, entities that experience a cybersecurity incident must now determine whether it will have a material impact on them, and if so, they must then fill out the new Item 1.05 on their Form 8-K within four days. On this form, the entity will need to describe the material aspects of the nature, scope and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the registrant, including its financial condition and results of operations.
Comments