SEC’s New Cybersecurity Disclosure Rules: Impact on Corporate Legal Professionals and Compliance

Legal professionals in the corporate world should be aware of significant changes to the cybersecurity disclosure rules implemented by the Securities and Exchange Commission (SEC). The SEC approved these new requirements on July 26, 2023. They primarily require public companies to make specific disclosures regarding substantial cybersecurity incidents and to periodically disclose their cybersecurity risk management, strategy, and governance in their annual reports. These requirements are referred to as the “Final Rule”.

The Final Rule closely mirrors the rules proposed by the SEC in March 2022, but with some noteworthy adjustments. The full extent and specifics of these changes have not been detailed in the available documentation, but they will certainly have significant implications for how companies manage and report their cybersecurity efforts.

Cybersecurity has become an increasingly pertinent issue in recent years, as companies around the world transition towards more digital modes of operation. Ensuring robust cybersecurity measures and transparent reporting is critical, not just for the safety of companies and their clients, but also to maintain investor confidence.

Compliance with these updated disclosure requirements is crucial for publicly traded companies. Due to the increasing sophistication and frequency of cyber-attacks globally, understanding and following these regulations will help protect not just the company’s confidential information and infrastructure, but also the interests of shareholders and stakeholders.

Experts from the multinational law firm Dechert LLP explore these topics and other relevant information in the 38th issue of Dechert’s Cyber Bits, a comprehensive examination of cyber law developments. The full commentary offers more detailed information and analysis.