Five Things to Know About SEC Regulation S-K § 229.106 (Item 106)

April 16, 2024
RISCPoint

Cybersecurity risks have emerged as a significant concern for companies across all sectors. The U.S. Securities and Exchange Commission (SEC) has recognized this threat and introduced specific regulations to ensure that companies adequately manage and disclose these risks to their investors. Regulation S-K § 229.106 (Item 106) addresses these concerns by mandating clear disclosures about cybersecurity risks and the measures companies are taking to mitigate them. Here are the top five things you need to know about this new SEC regulation:

1. Cybersecurity Risk is a Material Concern

Cybersecurity isn't just a technical issue; it's a business one. The SEC mandates through Item 106 that companies must acknowledge the financial implications of cybersecurity risks in their disclosures. This requirement stems from the understanding that cyber incidents can lead to significant material costs, affecting a company’s financial condition and, consequently, its investors. 

2. Active Management of Cyber Risks is Mandatory

Regulation S-K § 229.106 obligates businesses to proactively manage their cybersecurity risks. Companies shouldn’t be passive in their approach to cybersecurity. Companies demonstrate management through a thorough assessment, identification, and mitigation of potential threats. Active management ensures that companies are not just reacting to incidents but are also preventing them, safeguarding their operations and assets from cyber threats.

3. Transparency in Risk Management Processes

Investors will review cyber risk factors when making investment decisions. Transparency builds trust, especially when it comes to managing cybersecurity risks. The SEC requires companies to disclose their risk management processes, providing investors with insights into how prepared and resilient a company is against cyber threats. This disclosure is crucial for investors as it allows them to make informed decisions based on the company's cybersecurity readiness.

4. The Role of Consultants in Cybersecurity

Item 106 requires disclosures on whether external consultants or third-party experts are engaged to manage cybersecurity risks. Engaging a third party demonstrates to investors that your company takes cybersecurity risk seriously and is therefore less likely to suffer the financial consequences of cybersecurity events or breaches. The complexity of cybersecurity in the modern threat landscape necessitates specialized knowledge management.

5. The Urgency of Compliance

Regulation S-K § 229.106 is not a future consideration but a present reality. Companies should start immediately, if they haven’t already, to ensure they meet the regulation's stipulations. Compliance is not just about adhering to regulations but also about protecting the company and its investors from the ever-present threat of cyber incidents.

Need Expert Guidance? RISCPoint Can Help

Navigating the complexities of SEC Regulation S-K § 229.106 (Item 106) can be challenging, but you don't have to do it alone. RISCPoint is uniquely qualified and capable of assisting your company in understanding and complying with these new standards. Our team of cybersecurity and compliance experts specializes in developing tailored strategies that not only meet regulatory requirements but also protect your company from the dynamic landscape of cyber threats. Let RISCPoint be your partner in ensuring compliance and safeguarding your operations. Contact us today to learn how we can help your company stay ahead in cybersecurity compliance.
