- A Deloitte poll of over 1,300 C-suite and other executives from publicly traded organizations found that 53% said their organizations have been planning for the newly issued SEC cyber rules for 6-12 months or more. - In response to the new SEC cyber rules, 34% of executives said their organizations have evaluated communications processes with third-party service providers, while 65% said their organizations will strengthen cybersecurity programs and 54% will push third parties to do the same. - The new SEC cyber rules will require public companies and their third parties to strengthen cybersecurity programs to comply with new disclosure requirements.

1. New SEC Cyber Rules to Push
Publics and Their Third Parties to
Strengthen Programs
Deloitte poll results

2. Copyright © 2023 Deloitte Development LLC. All rights reserved. 2
Methodology
1,300+
C-suite and other executives from publicly
traded organizations were polled during a
webcast, titled “Understanding the SEC’s
requirements for cybersecurity disclosures,”
on Aug. 24, 2023. Answer rates differed by
question.
In some instances, immaterial amounts (e.g., +/-
0.1%) have been added to or removed from the
“Don’t know/not applicable” answer responses to
bring results to 100% total for each question.

3. Copyright © 2023 Deloitte Development LLC. All rights reserved. 3
Is your organization prepared to comply with the new SEC cyber rules?
Don’t know / not applicable = 20.9%
Votes received: 1,494 C-suite and other executives from publicly traded organizations
No, we have not prepared to comply, but
we will be compliant by mandated
deadlines
Yes, we've been preparing for 6-12 months
Yes, we've been preparing for more than 12
months
Yes, we've been preparing for up to 6 months
53% of public company
executives say that their
organizations have been
planning for the newly
issued SEC cyber rules
26.1%
16.9%
19.1%
17.0%

4. Copyright © 2023 Deloitte Development LLC. All rights reserved. 4
Votes received: 1,372 C-suite and other executives from publicly traded organizations
In response to the new SEC cyber rules, has your organization evaluated its communication processes
with Third-party Service Providers (TPSPs)?
Don’t know / not applicable = 34.3%
No, and we have
no plans to do so
No, but we're
working to do so
now
Yes, we have begun this
work, but are updating
in light of the SEC rules
Yes, we have completed
this work and have controls
and protocols in place
33.9% of public company executives’ organizations have
evaluated communications with third party service providers
10.9%
23.0%
27.4%
4.4%

5. Copyright © 2023 Deloitte Development LLC. All rights reserved. 5
Votes received: 1,318 C-suite and other executives from publicly traded organizations
In response to the new SEC cyber rules, will your organization and its third parties strengthen
cybersecurity programs?
Don’t know / not applicable = 32.2%
No, my organization will only push third parties to
strengthen their cyber programs (will not
strengthen our own program)
Yes, my organization will both strengthen its own
cyber program and push third parties to do the
same
No, my organization will only strengthen its own cyber
program (will not push third parties to do the same)
3.0%
51.1%
13.7% 64.8% of public company
executives say their
organizations will
strengthen their
cybersecurity programs
54.1% of public
company executives
will push their third
parties to strengthen
cyber programs

6. Copyright © 2023 Deloitte Development LLC. All rights reserved. 6
Media Contacts
Shelley Pfaendler
Public Relations
Deloitte Services LP
cspfaendler@deloitte.com
Taylor Graham
Public Relations
Deloitte Services LP
tagraham@deloitte.com

7. About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each
of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or
more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to
attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2023 Deloitte Development LLC. All rights reserved.
The statements in this report reflect the aggregation of poll responses and are not intended to reflect facts or opinions of any entities. All data, charts and statistics referenced and presented, as
well as the representations made and opinions expressed, unless specifically described otherwise, pertain only to the participants and their responses to the Deloitte poll. The information
obtained during the poll was taken “as is” and was not validated or confirmed by Deloitte.
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional
advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before
making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.