SEC Adopts New Rules for Disclosure of Cybersecurity Incidents
The U.S. Securities and Exchange Commission (SEC) has adopted new rules for disclosure of cybersecurity incidents and risk management by publicly traded companies.
Under the new requirements, registrants must:
- Disclose any cybersecurity incident that they “determine to be material and to describe the material aspects of the incident's nature, scope, and timing” as well as the incident’s material impact within four days.
- Annually disclose their processes, if any, “for assessing, identifying, and managing material risks from cybersecurity threats.”
- Annually describe the “board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats.”
The SEC will also require foreign private issuers to make comparable disclosures. The rules “will benefit investors, companies, and the markets connecting them,” says SEC Chair Gary Gensler.
08/11/2023
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.