SEC Cybersecurity Rules Shift Attention to Smaller Reporting Companies

Now, it’s smaller companies’ turn.

In July 2023, the Securities and Exchange Commission (SEC) announced new rules designed to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies.

The first set of businesses required to comply were large reporting companies, which were given a start date of December 15, 2023. The next group up are smaller reporting companies, which, beginning on June 15, must start complying with these rules. That means these businesses should be prepared to do the following:

- Report a material cybersecurity incident within four days of discovery.
- Disclose processes in place to assess, identify, and manage material cybersecurity risks.
- Disclose company leadership's role in assessing and managing material cybersecurity risks and the board of directors' oversight of such risks.
- Tag cybersecurity disclosures within Inline eXtensible Business Reporting Language ("Inline XBRL" or iXBRL).

DFIN recognizes that meeting these heightened expectations presents challenges for small companies, which are held to the same regulatory standards as their larger peers but are limited in resources, budgets, and iXBRL expertise. The good news is we can help companies of any size comply with the SEC’s latest Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules.

Before contacting DFIN, here are two initial steps to take:

- Conduct a readiness assessment for SEC compliance. This includes identifying risks and issues within your company.
- Establish an internal framework for incident response to help your organization promptly identify and address incidents.

Next come four more critical steps.
Here are some key details on each and how DFIN can help:

- Demonstrate Proactive Compliance Efforts: DFIN’s ActiveDisclosure helps businesses stay updated on the latest regulatory disclosure requirements to ensure they meet compliance obligations by documenting and tracking compliance activities, providing tangible evidence of a company’s commitment to regulations.
- Ensure Timely, Consistent, and Appropriate Disclosures: ActiveDisclosure provides the tools and processes necessary to facilitate timely and accurate disclosures in accordance with the latest SEC regulatory requirements, enhancing trust and credibility with your stakeholders.
- Streamline Your Review Process: ActiveDisclosure facilitates a smooth review process between users and DFIN experts. This includes automated disclosure comparisons, SEC validation reporting, collaboration, commenting, and approvals.
- Turn to the XBRL Experts: DFIN is your trusted resource for accurate XBRL-tagging. With more than 400 in‑house XBRL experts, we help you file XBRL-tagged reports confidently and on time, every time.

Whether you’re a large or small reporting company, the DFIN team and solutions minimize the stress and costs that come with achieving compliance with SEC regulations. We have worked with thousands of companies that have leveraged DFIN's industry experts and ActiveDisclosure to streamline their SEC filing and financial reporting.

Reach out today to learn how we can help your business navigate ever-changing SEC regulations and mandates, including the latest cybersecurity regulations.

Marcie Clark
Director of Global Regulatory Services, DFIN