April 19, 2023 – Cybersecurity is a growing concern for investors and an enforcement priority for the Securities and Exchange Commission (“SEC”). The SEC has recognized that cyber-related threats are “omnipresent” and a serious danger to our capital markets. The investor community and commentators alike recognize that it is imperative that the SEC and courts act swiftly and severely, requiring companies to make robust and immediate disclosures of cybersecurity incidents, as well as implement safeguards to protect against cyberattacks.
The SEC is well positioned to address cybersecurity regulatory concerns. The Commission has followed up on rule-making efforts that began in 2022 and listed three cybersecurity initiatives on its Fall 2022 Unified Agenda of Regulatory and Deregulatory Actions (released in January 2023).
The cybersecurity-focused agenda items include:
(1) Additional rules to address registrant cybersecurity risk and related disclosures;
(2) Rule amendments to better inform investors about a registrant’s cybersecurity risk management, strategy, and governance, and to provide timely notification of material cybersecurity incidents; and
(3) Rules to enhance fund and…
