Cybersecurity Risk Disclosures Rise as SEC Enforcement Recalibrates

The SEC is recalibrating its cybersecurity enforcement strategy—just as AI is making cyber risks more complex than ever. Companies are being pushed to rethink how they disclose evolving cybersecurity-related threats.

Why This Report Matters

Cybersecurity disclosures are becoming more important and more complex for companies as they adapt to navigate a changing digital landscape. While the SEC has formalized expectations through its cybersecurity disclosure framework, its enforcement posture is shifting toward a more selective and strategic approach.

This report emphasizes the growing recognition across companies that more detailed and transparent cybersecurity disclosures are expected from both regulators and investors, requiring registrants to strengthen and adjust risk disclosure strategies.

Key Insights

Some of the key topics covered include:

• How the SEC’s shifting enforcement posture signals a potentially more targeted approach to cybersecurity-related enforcement while simultaneously deploying its discretion and its resources judiciously
• Trends in public company cybersecurity risk disclosures, including a sustained increase in substantive disclosures across 10-K filings
• How the emergence of AI is reshaping cybersecurity and enhancing both offensive and defensive capabilities of players, leading to more complex disclosure considerations

Best Suited For

This report is designed for professionals responsible for evaluating and disclosing cybersecurity risks in an evolving regulatory environment:

• Legal and compliance teams
• Finance and SEC reporting professionals
• Information security and risk management leaders