XBRL US has sent a comment letter to the Securities and Exchange Commission (SEC) in response to its proposal on cybersecurity risk management, strategy, governance, and incident disclosure for public companies. It notes the importance of timely monitoring of cybersecurity incidents that could adversely impact an individual company or industry, both for investor and for regulators.
"We support the requirement in the proposal that cybersecurity incident data be reported in Inline XBRL format to enhance the timeliness and granularity of data reported, and to allow consistent tracking of such incidents over time. Capturing this information in machine-readable format will ensure that cybersecurity information is more readily available, accessible, and comparable," says XBRL US. It notes that reporting entities today are highly familiar with Inline XBRL, and additional cybersecurity disclosures will have a minimal cost.
Given the importance of cybersecurity data, XBRL US also affirms that it plans to convene a working group to prepare a prototype taxonomy for cybersecurity incident data, which it hopes will aid the SEC as it works to finalise the new rule.