We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.

Learn more


We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story


Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
January 23, 2024
By: Damir Brescic

Unpacking the New SEC Cybersecurity Disclosure Requirements

The  U.S. Securities and Exchange Commission (SEC) has taken the first steps in weighing in on what companies need to do regarding cybersecurity. The formal adoption of new SEC cybersecurity disclosure requirements took effect in December 2023. Although the new rules primarily target publicly listed companies, other private and smaller companies should also be familiar with the new standards while preparing their own operations for their own security compliance. 

The SEC’s cybersecurity rules, first communicated in July 2023, require publicly listed companies to comply with numerous incident reporting and governance disclosure requirements. One key point of distinction from the SEC’s previous—and more hands-off—stance was that organizations should assume they will experience real threats and potential breaches. Forget hypotheticals; companies today must be prepared for the eventual cyber incident. 

The primary driver for the increased focus from the SEC on cybersecurity disclosures is the protection of investors and market integrity. Investors and voting members of organizations need to have confidence their groups are taking cybersecurity seriously and providing transparency. This is a clear reaction to not only the potential damage attacks, breaches and data loss can have on businesses, but also how some organizations have tried to obscure such incidents in the past.  

For example, in October the SEC brought charges against SolarWinds CISO Timothy Brown for allegedly misleading investors about the company’s security prior to a cyberattack launched on the company in 2019. Many of the accusations come from comments Brown allegedly shared internally. Clearly, the status quo can’t continue.  

Here we’re diving into the new SEC rule updates and what companies should think about when it comes to complying with the new directives.   

Make Sure Your Business is Protected: Connect with our cybersecurity experts to get started on your tailored security solution today.   

Critical Components of the New SEC Cybersecurity Disclosure Requirements 

We’ve broadly categorized the substance of the new SEC requirements into segments below. Listed are the pertinent details for each and the new expectations companies must meet.   

Cyber Incident Reporting 

  • Report “material” cybersecurity incidents on a Form 8-K within four business days of materiality determination. 
  • Describe the nature, scope, and timing of the incident and the material impact or reasonably likely material impact on the registrant. 
  • Materiality determination should be based on federal securities law materiality, including consideration of quantitative and qualitative factors. 

Cyber Risk Management & Strategy 

Describe the company’s process, if any, for assessing, identifying, and managing material risks from cybersecurity threats, including: 

  • Whether cybersecurity is part of the overall risk management program, engages consultants, auditors or other third parties, and processes to oversee and identify risks from use of third parties. 
  • Whether and how any risks from cybersecurity threats have materially affected or are reasonably likely to materially affect the registrant’s business strategy, results of operations, or financial condition. 

Cyber Governance 

Describe the company’s governance of cybersecurity risks as it relates to: 

  • The board’s oversight of cybersecurity risk, including identification of any board committee or subcommittee responsible for oversight and the process by which they are informed about cyber risks.
  • ​​​​​​Management’s role and expertise in assessing and managing material cybersecurity risk and implementing cybersecurity policies, procedures and strategies. 
  • Specific disclosure of any management positions or committees responsible for assessing and managing cyber risks, including discussion of their relevant expertise. 

SEC Cybersecurity Disclosure Questions 

While the new SEC regulations do an admirable job of detailing specifics and address key issues important particularly to securing the trust of the market and shareholders, they aren’t a perfect solution. More specificity would have been nice to see regarding potential penalties, especially with habitual offenders. Will the disclosure requirements achieve what they were intended to do? That remains to be seen.  

But with their adoption the SEC cybersecurity disclosure requirements immediately add another layer of complexity for organizations likely already trying to adhere to already existing industry or other governmental standards. How the new SEC rules fully intersect with, or augment, these existing standards is also left to organizations and their security teams to figure out.  

If SEC compliance is required for your company, you need to be able to answer many questions related to how your organization meets or is planning to meet these regulations. The considerations include (among many others):  

  1. Are our organization’s policies and procedures, risk assessments, controls and monitoring strong enough to disclose publicly? 
  2. Are we getting the information we need to oversee cybersecurity at the board level?
  3. What is our process for reporting cybersecurity incidents? 
  4. How can we effectively determine materiality of a breach or attack? 
  5. Can we report within the four-day period? 
  6. What is the right level of information to disclose? 

Doing More with AI: Go deeper with AI to learn how to leverage this technology and improve security efficiency

Inversion6 Help You Prepare for the New SEC Cybersecurity Disclosure Rules 

From initial assessments to discover the maturation level of your security controls to specific, detailed courses of action to take, Inversion6 has the experience and breadth of industry knowledge to help you plot your way forward. We help you find the baseline of where your organization is, identify the gaps you need to address, and the tools required for remediation and mitigation. 

We develop customized strategies for the specific circumstances your organization faces. Our compliance services give you expert advice and help you create educational initiatives—such as interactive and instructional tabletop exercises—to give your board the institutional knowledge needed now to meet and exceed the new requirements.  

For more than 30 years, Inversion6 has created comprehensive, effective and manageable cybersecurity solutions that include a Security Operations Center (SOC)managed detection & response (MDR)autonomous penetration testing, and more. We act as an extension of your team to tackle risk management and threat mitigation challenges of today. 

You don’t have to develop a response plan to the new SEC cybersecurity disclosure requirements on your own. Schedule a consultation today to discover how our expertise helps you navigate the changes. 

Post Written By: Damir Brescic
<p>Damir has an extensive and successful history in the cybersecurity industry, and we&rsquo;re excited to have him join the team.&nbsp;&nbsp;</p>

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.