SEC launches 2024 Cybersecurity Disclosure Taxonomy
Following a consultation process, the US Securities and Exchange Commission (SEC) has approved the 2024 Cybersecurity Disclosure (CYD) taxonomy – with EDGAR already updated for filers wishing to use the taxonomy immediately.
This taxonomy allows companies to tag disclosures related to cybersecurity risk management, strategy, governance, and incident reporting in iXBRL, aligning with the SEC’s recently adopted rules on cybersecurity disclosures.
The new CYD taxonomy is designed to help companies tag and organise disclosures related to cybersecurity risk management, governance, strategy, and incident reporting. The new rule mandates that companies disclose material cybersecurity incidents, as well as periodic updates on how they manage cybersecurity risks and the board’s role in overseeing those risks. By standardising these disclosures in iXBRL, the SEC aims to boost transparency and comparability, giving stakeholders the tools they need to analyse and assess cybersecurity risks across companies.
The significance of this update is tied to the growing complexity of cybersecurity threats and the demand for consistent, structured data. As the frequency of cyber incidents continues to rise, clear and standardised reporting becomes essential.
Earlier this summer, XBRL US provided feedback on the draft CYD taxonomy, identifying several areas for improvement, including clarifying mismatches in element IDs and offering guidance on tagging narrative disclosures. We covered this in detail in an earlier newsletter, which you can revisit here. The final release of the CYD taxonomy incorporates these refinements and takes a major step toward enhancing the quality, consistency, and transparency of cybersecurity-related information.
For companies navigating these new requirements, we recommend using the most up-to-date taxonomy versions to ensure compliance with SEC rules.
For more information on the CYD taxonomy and how to leverage it for your filings, visit the SEC’s taxonomy page here.