Skip to main content

Search

SEC Proposes More Cybersecurity Reporting for Public Companies

Article
Less than a month after proposing new cybersecurity rules to strengthen technology infrastructure in U.S. securities markets, the Securities and Exchange Commission unveiled new rules and amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incidence reporting by public companies.
3 minute read
March 18, 2022

Just one month after proposing new cybersecurity rules to strengthen technology infrastructure in U.S. securities markets, the Securities and Exchange Commission unveiled new rules and amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident disclosure by public companies.

According to a fact sheet published on the SEC website, the amendments are designed to better inform investors and provide timely notification of material cybersecurity incidents.

As stated on the SEC fact sheet: “Consistent, comparable, and decision-useful disclosures would allow investors to evaluate registrants’ exposure to cybersecurity risks and incidents as well as their ability to manage and mitigate those risks and incidents.”

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. This would be accomplished by:

The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks. Specifically, the proposal would:

The notice of the proposed rules and amendments was released on March 9, 2022. The public comment period will remain open for 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.

For more information about the proposed regulations or public company cybersecurity practices in general, contact us. We are here to help.

© 2022