This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents.
The rules will impose a number of new requirements, including disclosures regarding:
- Material cybersecurity incidents, which must be made within four (4) business days – a tight timeline that will compel subject companies to efficiently conduct their preliminary investigation of cybersecurity incidents so that they are prepared to make disclosures regarding the nature, scope, and timing of such incidents, as well as their material or reasonably likely impact on the company. Subject companies will also need to provide updates regarding previously reported cybersecurity incidents in their periodic reports.
Read more of this article at Workplace Privacy, Data Management & Security Report.