The SEC Materiality Framework

Potential factors to consider when determining SEC materiality.

Download Now

By submitting this form, you agree to our privacy policy.

New SEC Cybersecurity Requirements

In December 2023, the SEC adopted new cybersecurity rules for publicly-traded companies. Under these rules, companies must make a materiality determination “without undue delay” after a cybersecurity incident, and then report “material” cybersecurity incidents within 4 days of a determination of materiality.

To support companies and their cybersecurity leaders, we put together a framework of questions that you can use when a security incident occurs. This framework serves as a helpful starting point for analysis, and you should consider seeking guidance from your counsel on this matter.