Sneak Preview? SEC Chair Weighs in on Possible Cyber Disclosure Rulemaking

Recently, SEC Chair Gary Gensler delivered a speech about cybersecurity and a section of that speech was devoted to what public companies now disclose - and would be disclosing once the SEC ultimately adopts new cyber disclosure rules that it plans to propose in the near term - about their cybersecurity practices and incidents. Here are three themes Chair Gensler highlighted in addressing potential SEC rulemaking for public companies on cybersecurity: 1. Rule proposals may include practices with respect to corporate cybersecurity governance, strategy, and risk management. 2. Cyber risk disclosure should be presented in a consistent, comparable, and decision-useful manner across companies. 3. The SEC Staff is considering whether - and how - to update disclosures to investors when cyber events have occurred.