SEC sets out cybersecurity proposal with 4-day breach reporting window

The Securities and Exchange Commission proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. One amendment would require registrants to disclose information about a cybersecurity incident within four business days after the registrant determines that it has experienced a material cybersecurity incident.

The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

“Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” said SEC chair Gary Gensler, in a statement. “Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner. I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”
