It’s Official: Cybersecurity Disclosure Is Coming This Year
The U.S. Securities and Exchange Commission adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents and to include disclosure relating to cybersecurity risk management, strategy, and governance in annual reports.
According to the SEC, these rules are designed to enhance and standardize disclosures regarding cybersecurity risk management, strategy, and incidents, which in the SEC's view have been inconsistent (and in some cases deficient) since the SEC first published guidance in this area back in 2011. The final rules are based on a rule proposal published by the SEC more than one year ago in March 2022 and do scale back some of the previously proposed disclosure requirements.
Print and share
Explore more in
Perkins on Privacy
Perkins on Privacy provides updates and insights on an array of privacy and data security legal issues, brought to you by Perkins Coie’s Chambers-ranked Privacy & Security practice. Subscribe 🡢