Cybersecurity Best Practices: Disclosure Requirements for Risk Management, Strategy, and Governance | Porter Hedges LLP

In previous posts on the Porter Hedges Anti-Corruption & Compliance Blog, our team has discussed the U.S. Securities and Exchange Commission’s (“SEC”) proposal to amend its rules and require disclosures related to cybersecurity practices. The SEC wants to enhance and standardize the disclosures companies must report about their risk management, strategy, and governance. Among other proposals, the SEC has proposed to make additions to Regulation S-K and Form 20-F, which would require companies to describe their policies and procedures that aim to identify and manage cybersecurity threats.

The SEC’s proposed requirements include disclosure of whether a company considers cybersecurity as part of its business strategy, financial planning, and capital allocation. The proposal would also require disclosure about any oversight of risks and about leadership’s role and experience in identifying and managing cybersecurity threats. Additionally, the proposed requirements would request disclosure about how the company’s leadership implements company guidelines and strategies to combat cyber-attacks.

The Cybersecurity & Infrastructure…
