The SEC guidance released  includes two new areas: cybersecurity policies and procedures, and insider trading prohibitions.

The guidance spells out the rules of disclosure, stresses the importance of materiality when preparing disclosures and lists five elements of materiality to consider.

Experts from Deloitte are recommending public companies also consider taking an additional five steps:

1. Assess current policies and procedures related to cyber risks and incidents.
2. Align cyber risk with operational risk framework, and develop shared understanding on materiality considerations.
3. Understand disclosure obligations under federal and state laws, and establish and maintain appropriate and effective disclosure controls for cybersecurity risks and incidents.
4. Examine and update insider trading policies and procedures.
5. Raise C-suite and board awareness on SEC guidance and company obligations, and assess and test incident management processes, including through cyber war gaming.

Review the article on Accounting Today's website and the guidance on the SEC's website.