SEC proposed rule on Cybersecurity Risk Management receives support and recommendations from XBRL US
In response to the US Securities and Exchange Commission’s (SEC) proposed Cybersecurity Risk Management Rule request for comments, XBRL US have submitted a comment response letter. The rule aims to enhance cybersecurity risk reporting for various entities such as broker-dealers, clearing agencies, security-based swap participants.
While XBRL US endorses the Commission’s proposal for reporting using a structured data language, it suggests using the existing XBRL data standard instead of creating a new custom XML schema specifically for Form SCIR. This approach would be more efficient, cost-effective, and enable the use of open-source and commercial tools that already work with XBRL.
In terms of filing Part I of Form SCIR, XBRL US strongly recommends adopting the Inline XBRL standard over custom XML. Adopting Inline XBRL would better facilitate the interoperability of data by end users, key for optimal usability. It would also provide consistency and compatibility with existing use of XBRL for cybersecurity incident data.
XBRL US also highlight the benefits of using Inline XBRL for Part II of Form SCIR. This approach would be more efficient for the marketplace, due to the ease of extracting narrative data when tagged with XBRL, and the constancy with other cybersecurity data allowing for comparison and easy aggregation by analysis and regulators.
Suffice to say that here at XBRL International we agree with our colleagues in the US – we are pleased to see the move towards structured, machine readable data for cybersecurity risk reporting, but would caution that adopting XBRL will result in consistent, usable data.
Read the letter here.