SEC Adopts Rules on Cyber Security Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies

      The SEC has voted today to adopt new rules requiring public companies to disclose material cyber security incidents and, to disclose on an annual basis, material information regarding their cyber security risk management, strategy, and governance.

      The new rules are intended to improve the transparency of cyber security information for investors and to help them make more informed investment decisions. The rules are also intended to encourage companies to take cyber security more seriously and to invest in effective cyber security measures.

      Key Benefits of the SEC’s New Cyber Security Risk Rules 

      Here are some of the key benefits of the new rules:

      • Increased transparency for investors: the new rules will require companies to disclose more information about their cyber security risks and incidents, which will help investors to make more informed investment decisions.
      • Increased accountability for companies: the new rules will put pressure on companies to take cyber security more seriously and to invest in effective cyber security measures.
      • Enhanced market stability: the new rules will help to protect the financial markets from the negative effects of cyber security incidents.

      Overall, the new SEC cyber security disclosure rules are a positive step forward for investors, companies, and the financial markets. The rules will help to improve transparency, accountability, and market stability in the face of growing cyber security threats.

      The SEC’s press release can be found here.

      To learn more about this update, please reach out to our Cyber & Data Protection team today. 

      Previous post Next post

      More like this

      Cyber security in 2023 - key trends and future considerations for the financial services sector

      2023 presented a continued surge in cyber attacks, ranging from sophisticated ransomware campaigns to supply chain compromises. These threats pose…
      Read more

      LinkedIn Account Takeovers and Ransom Demands - A Threat Extending to Business Accounts

      In the ever-evolving landscape of cyber security, new threats are constantly emerging, targeting our personal and professional digital spaces.
      Read more

      US State Data Privacy Laws – a comparison

      As more US states introduce privacy laws, companies must be aware of and be able to manage the varying provisions…
      Read more

      Business Email Compromise – is your business protected?

      In today's digital age, email has become an essential tool for business communication. However, with the increasing reliance on email,…
      Read more

      The California Privacy Rights Act – what it means for consumers and businesses

      The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in November 2020 and came…
      Read more

      Open comment period for SEC’s proposed cyber security requirements deadline

      The Securities and Exchange Commission (SEC) is seeking public comment on proposed cyber security requirements for investment advisers and broker-dealers.…
      Read more