My thanks for Protiviti for an excellent summary of the new SEC staff guidance. I will let you read it for the details. You can also refer to the SEC's release itself.
The SEC staff has explained that these are not new requirements — the need to disclose material matters exists already. What they have done is to provide guidance on how this should apply to the issue of information security or "cyber crime."
CAEs, financial auditors, IT auditors, those involved or responsible for financial reporting, and those responsible for information security should become familiar with the guidance.