- Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors.
- Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks.
- The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks.
- The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings.
Padraic O’Reilly is Founder and Chief Innovation Officer at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, risk management consultant, and deep cybersecurity expertise supports his current activity which spans working directly with public and private organizations to assess, measure, remediate, and communicate cyber risk. Working closely with large, highly regulated enterprise teams and CISOs, Padraic is dedicated to driving tangible value through linking cyber risks to control posture, innovating with CRQ models and AI, and enhancing cyber to business communication.
An expert in AI and financial modeling, Padraic works with global enterprises to research and deploy risk quantification, analysis, and communication strategies from board to SEC reporting. Padraic has been featured in publications and broadcasting stations such as CNN, the Wall Street Journal, Forbes, Fortune, the New York Times, and Bloomberg.









