Comments on SEC draft cybersecurity disclosure taxonomy
Earlier this summer XBRL US submitted comments to The Securities and Exchange Commission (SEC) on the recently released draft Cybersecurity Disclosure (CYD) taxonomy. The taxonomy aims to support the implementation of the SEC’s recently adopted rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The draft taxonomy is designed to facilitate the reporting of cybersecurity-related information in Inline XBRL format, enabling structured, computer-readable disclosures.
By requiring the use of Inline XBRL, the rule aims to improve the accessibility and comparability of cybersecurity data, allowing investors, regulators, and stakeholders to analyse the disclosures more efficiently. The new CYD taxonomy outlines the specific elements companies will need to use when tagging cybersecurity information in their reports.
In its review of the draft, XBRL US identified several issues that need clarification, such as inconsistencies between the taxonomy and the accompanying guide, including mismatches in element IDs and labels. XBRL US also pointed out the challenges of tagging narrative disclosures, noting that overlapping content in text blocks could complicate the tagging process. Suggestions were made to provide further guidance on dimensions and time periods used in the taxonomy, as well as to clarify the process for tagging detailed quantitative values embedded within narrative disclosures.
The SEC’s decision to implement structured, XBRL reporting through XBRL is an important step in improving the quality and consistency of cybersecurity disclosures. This – and other – feedback is key to refining the final taxonomy and ensuring it is practical for reporting entities.
For more information, review the draft taxonomy and XBRL US’s comments – and stay tuned for the final taxonomy!