The SEC's Four-Day Reporting Rule Presents a Critical New Need to Define Materiality

Executive Snapshot

• Figure: Executive Snapshot: The SEC's Four-Day Reporting Rule Presents a Critical New Need to Define Materiality

Situation Overview

Advice for the Technology Buyer

• Have Clarity on What Needs to Be Reported: The Risk Appetite

• Table: Sample Cyber-Risk Appetite Components

• Table: An Example — Cyber-Risk Appetite Framework

• Ensure That You Have the Data to Assess, Monitor, and Report in the Context of the Approved Risk Tolerance

• How to Define and Measure the Incident Impact

• How to Report an Incident

• Figure: An Example — "Nonmaterial" Incident Assessment Dashboard

• Figure: Example of a "Material" Incident Assessment Dashboard; Based on Risk Tolerance, 100% Encryption Mitigates Materiality for Reporting Purposes

• Figure: Examples of "Nonmaterial" Incident Assessment Dashboard; Encryption Mitigates Risk for Reporting Purposes

• Figure: An Example "Nonmaterial" Incident Assessment Dashboard; Reputational Risk Exposure Where a Provider Creates an Industry Risk

• Reduce the Impact of Breach Notification and Compliance by Planning Ahead

Learn More

• Related Research

• Synopsis