New SEC cybersecurity disclosure rules: What you need to know to stay in compliance

By
riskacademy
-
0
246

Cinthia Motley
Contributor

Cinthia Motley is the Director of Dykema’s Global Data Privacy and Information Security Practice Group and also leads Dykema’s Business Litigation Practice Group.

Matthew Hays is a senior attorney at Dykema and a Certified Information Privacy Professional for both the U.S. and Canada who has worked extensively with U.S. federal, sectorial and state comprehensive privacy laws.

The Securities and Exchange Commission (SEC) has taken a significant step in bolstering cybersecurity disclosures for public companies by adopting new rules that aim to provide investors with comprehensive and standardized information on cybersecurity risk management, strategy, governance, and incidents.

Adopted in July 2023, these new rules come after a lengthy rule-making and public comment process and act as official recognition that the ever-present danger of cybersecurity threats can impact investor decision making.

The highlights: What you need to know

The crux of the new SEC rules is that companies are required to report both material cybersecurity incidents and cybersecurity risk management processes in a…

Read More…

RELATED ARTICLESMORE FROM AUTHOR