
vCISO Services for SEC Cybersecurity Disclosure Compliance
10-K cyber governance disclosures, risk management oversight, and material incident reporting required by SEC rules

Why does this matter?
Since 2023, the SEC has required all public companies to disclose how they manage cyber risk, govern cybersecurity, and report material incidents.
Many small and mid-cap companies lack a dedicated CISO to meet these expectations.
We provide vCISO services explicitly tailored to SEC cybersecurity disclosure requirements.
The SEC rule requires public companies to disclose:
• Cyber Risk Management: How cyber risks are identified, assessed, and managed.
• Management Responsibility: Disclosure of the CISO’s role or equivalent management expertise.
• Board Oversight: How the board oversees cybersecurity risks and updates.
• Governance Processes: Policies, controls, and structures supporting cyber governance.
• Incident Reporting: Material cybersecurity incidents must be disclosed within 4 days.
The SEC requires companies to determine whether a cybersecurity incident is “material” to investors. We help establish a clear, repeatable process to make this determination.
You get
• A materiality assessment playbook
• A severity & impact scoring model
• Decision-making workflow with legal and executive stakeholders
• Documentation templates for each incident
We support
• Rapid impact evaluation during an incident
• Preparation for a potential 8-K filing
• Coordination with legal counsel
• Ensuring evidence and decisions are properly documented

Materiality assessment

Basic
Dedicated personal security expert
Security posture overview, assessments (NIST, SEC, HIPAA, etc.), and executive reporting
Security awareness training and testing
Development of custom policies and governance
10-K cybersecurity disclosure preparation
For companies with basic SEC compliance needs
Standard
Everything in the Basic plan
Security incident and vulnerability response, 8-K filing support
Security incident, disaster recovery, and business continuity plan testing
Cyber risk management, tracking and reporting
Third-party and supply chain security management
For companies beyond SEC compliance needs
Premium
Everything in the Basic and Standard plans
Company representation in external events and for authorities
24/7 direct access to CISO and security experts
On-site presence and global traveling on demand
Cybersecurity monitoring (MSSP) and custom SEC governance services
For companies that want executive security management
Flexible agreements — no long-term lock-ins
Frequently asked questions
Who leads ACyber’s cybersecurity services? Our services are led by certified cybersecurity professionals with extensive experience in regulatory compliance and security governance.
Where is ACyber based? ACyber operates from Chicago, USA, and Vilnius, Lithuania (EU), serving clients globally.
What makes ACyber different from other cybersecurity firms? We do not offer "everything for everyone", and we combine strategic CISO-level guidance with hands-on compliance execution to ensure practical, audit-ready results for every client without contractual lock-ins.





