CrowdStrike is today debuting CrowdStrike SEC Readiness Services to guide organizations along the path to compliance as they navigate the new SEC cybersecurity disclosure rules. These services, powered by the AI-native CrowdStrike Falcon® XDR platform and industry-leading CrowdStrike Services team, give customers the insight they need to harden defenses, make materiality decisions and navigate the annual disclosure process with confidence.
The new SEC regulations, which went into effect late last year, affect how public companies inform investors of cybersecurity concerns. Under the new requirements, organizations must disclose a material security incident within four days of determining materiality through an 8-K filing with the SEC. They must also annually share their processes for assessing, identifying and managing material risks from cybersecurity threats in their 10-K filing with the SEC.
These requirements are intended to protect investors by requiring greater clarity, consistency and timeliness in how organizations handle cyber risk mitigation. They also elevate security to a top boardroom responsibility and increase the pressure on public companies. Boards of directors and C-suite executives must adapt and prepare accordingly, expand their oversight to include cyber risks and play a direct role in managing their risk and cybersecurity practices.
This is where we come in. CrowdStrike’s SEC Readiness Services align to both the 8-K and 10-K requirements. We help organizations test their processes for determining materiality alongside other critical incident response processes. Further, we highlight risks, which not only helps companies gain confidence in their annual risk disclosures but can also help prevent breaches from occurring.
CrowdStrike’s new SEC Readiness Service helps organizations navigate these new regulations with:
- Detailed Risk Management Reviews: CrowdStrike boosts companies’ confidence in their risk disclosures with a two-pronged approach. One component is a technical risk assessment. This leverages the power of the Falcon platform to provide a bottom-up perspective on risks across the environment that can lead to breaches or serve as indicators of potential misalignment between security policies and practices. This assessment provides executives and board members with deep visibility and oversight into an organization’s risk posture and greater confidence the company is doing what it says it does.
  The other component is a programmatic review. This provides a top-down perspective by delving into a company’s risk management, strategy and governance practices, exploring how the security program aligns with the business. Through this assessment, organizations can gain confidence that they have the programs and processes necessary to support their annual disclosures, and identify improvements for better long-term alignment.
- Materiality Tabletop Exercise: The decisions made during incident response have a far-reaching impact on its success or failure. Testing and practicing the decision-making process in a controlled setting helps teams become more familiar with the response process and better prepared to face a breach. CrowdStrike experts design exercises that enable public companies to test their processes for determining if a security incident is material and requires filing an 8-K with the SEC. CrowdStrike tailors real-world scenarios to each organization, allowing them to ensure they have the right people at the table, considering the right information, with the appropriate guidance necessary to know if a public disclosure should take place.
Prepare Your People, Harden Your Environment
Cybersecurity has been a board issue for many years, but the new SEC regulations make it an imperative. Policymakers and regulators want more transparency from companies regarding security incidents and risk management practices. Additionally, the SEC has shown growing willingness to pursue enforcement actions related to cybersecurity.
Organizations must be prepared to not only comply with new disclosure rules but to do so in a way that limits future liability. CrowdStrike’s SEC Readiness Services strengthen organizations’ confidence in their disclosures and reduce the likelihood of material incidents occurring in the first place.
CrowdStrike is relentlessly working to ensure our customers are best prepared to navigate their cybersecurity challenges, whether it’s detecting a threat or evolving their strategies to improve their overall security posture. By consolidating their security tools on the industry-leading Falcon platform, layered with world-class experts and unparalleled adversary intelligence, organizations can achieve better security hygiene and risk management to stop adversaries before a breach can happen.
Additional Resources
- Check out the SEC Readiness webpage to learn more about our new services.
- The CrowdStrike® Tabletop Exercise provides an incident scenario that has been tailored to your unique environment and operational needs.