< ciso
brief />
Tag Banner

All news with #sec cyber disclosure rules tag

2 articles

SEC 10-K Cybersecurity Trends and Governance 2025

📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.
read more →

SEC Committee’s Proposed AI Disclosure Rule: Details Matter

🏛️ The SEC Investor Advisory Committee has proposed a rule that would require public companies to analyze and disclose material AI efforts, including choices not to deploy or underinvest in AI. The draft would let issuers self-define “AI” and then consistently apply that definition across filings, disclosures, and governance documents. Legal and industry observers say the mandate could force boards and executives to scrutinize AI use and governance more closely, but they warn that inconsistent definitions, boilerplate language, and gaps such as shadow IT could render filings less useful to investors.
read more →