Sep 2023
36m 32s

Getting ready for the SEC’s new cybersec...

PWC
About this episode


In this episode, we discuss the SEC’s new cybersecurity disclosure rules finalized in July. 

The new disclosure rules expand registrants’ annual disclosures and require timely reporting for material cybersecurity incidents. With these significant changes and the implementation approaching, companies should not wait to get ready. 


This week, Heather Horn is joined by Kyle Moffatt, PwC National Office Professional Practice Leader, and Matt Gorham, PwC Cyber & Privacy Innovation Institute Leader, to discuss what companies can do to prepare now for the new requirements.


In this episode, you’ll hear discussion of:

  • 4:28 - Why cybersecurity is an area of focus for the SEC 
  • 8:03 - A summary of the SEC’s new cybersecurity rules and disclosure requirements
  • 10:21 - Types of cyber incidents, including what’s required to be disclosed in the Form 8-K and how companies should think about “material” impacts
  • 12:58 - The importance of developing relationships with federal law enforcement and how smaller companies can start to build those relationships
  • 20:19 - An ideal sequence of action steps when a cyber incident occurs
  • 24:32 - Top considerations when preparing to disclose in accordance with the SEC’s cybersecurity rules
  • 33:10 - Key takeaways for companies reviewing their processes and preparing for the new disclosure requirements

Looking for more information on cybersecurity? Check out our publication and register for our Q3 2023 Quarterly accounting webcast for a detailed discussion of the SEC’s cybersecurity rules with Kyle; PwC Vice Chair, Wes Bricker; and Raquel Fox, Partner & Co-Head of SEC Reporting and Compliance; Capital Markets; M&A; Corporate Governance at Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates. 

Kyle Moffatt is PwC’s Professional Practice leader, leading a team responsible for working with standard setters and regulators as well as delivering brand-defining thought leadership and educational materials. He also consults with engagement teams and audit clients on SEC reporting matters. Before PwC, Kyle spent almost 20 years with the SEC, most recently as Chief Accountant and Disclosure Program Director in the Division of Corporation Finance.


Matt Gorham is PwC Cyber & Privacy Innovation Institute Leader, providing thought leadership, perspective, and analysis on trends affecting all aspects of cybersecurity and privacy. He has over three decades of experience mitigating threats through building and leading cross-functional teams. Before PwC, Matt spent 25 years with the FBI as the Assistant Director of Cyber.


Heather Horn is PwC’s National Office thought leader, responsible for developing our communications strategy and conveying firm positions on accounting and financial reporting matters. She is the engaging host of PwC’s accounting and reporting weekly podcast and quarterly webcast series. With over 30 years of experience, Heather’s accounting and auditing expertise includes financial instruments and rate-regulated accounting.


Transcripts available upon request for individuals who may need a disability-related accommodation. Please send requests to us_podcast@pwc.com.
