Risks, opportunities under SEC’s cyber incident disclosure rule
By 
Adrianne Appel2023-08-02T19:57:00
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s (SEC) newly approved cybersecurity incident disclosure rule.
The intent of the 186-page final rule, adopted last week, is to make more information about material cybersecurity incidents available to investors—and quicker.
The rule follows guidance the SEC issued on cybersecurity incident disclosures in 2011 and 2018. While risk reporting and management have improved since then, disclosure practices across companies are “inconsistent,” which the new policy aims to address, the agency said in a fact sheet.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
-
News BriefCISA teases cyber incident reporting rule for critical infrastructure
Financial businesses and other critical infrastructure entities would have to report significant cybersecurity and ransomware incidents to the federal government under a new rule that will be proposed by the Cybersecurity and Infrastructure Security Agency.
-
News BriefDOJ sets expectations for SEC cyber incident disclosure delays
Companies won’t have an easy path toward earning additional time from the Department of Justice regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission as required under a new rule.
More from Regulatory Policy
-
News BriefTrump’s pivot on crypto leads SEC to seek settlement with Gemini
The Securities and Exchange Commission (SEC)’s pivot in favor of crypto took another step as the agency indicated it wants to resolve a long-standing lawsuit against the crypto exchange Gemini.
-
PremiumRepublican-led SEC abandons climate rule; Dem commissioner calls move ‘unlawful’
The Securities and Exchange Commission’s Republican leadership is abandoning the climate-related disclosure rule package passed last year by Democrats, hoping that the courts will kill regulations already on life support.
-
News BriefFinCEN drops BOI requirement for U.S. companies, persons
The U.S. Treasury Department’s Financial Crimes Enforcement Network issued a final interim rule that eliminates beneficial ownership information reporting obligations for U.S.-based companies and persons.