On June 24, 2024, the Securities and Exchange Commission (SEC) released five additional Compliance and Disclosure Interpretations (C&DI) to aid in the understanding and application of the SEC-issued Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule.
The C&DI (104B.01–104B.09) focus on the following topics:
- Timing of the filing (104B.01–104B.03)
- Department of Justice consultation’s impact on materiality (104B.04)
- Ransomware payment’s effect on disclosure requirements (104B.05, 104B.06)
- Materiality determination considerations: insurance proceeds, ransomware payment and series of incidents (104B.07–104B.09)
