On July 26, 2023, in a pivotal 3-2 vote, the Securities and Exchange Commission (SEC) adopted new regulations. Known as the “Final Rules,” these will require public companies to disclose information about cybersecurity incidents. Companies are also required to disclose facts about their management, strategy, and governance in relation to cybersecurity. This development will substantially influence how public companies disclose cybersecurity incidents and information regarding their cybersecurity oversight.
The Final Rules will now compel public companies to be more open and transparent about their cybersecurity events, including data breaches. Companies will no longer be able to keep these incidents under wraps or delay their announcement to the public. This step by the SEC may lead to an increased level of trust between consumers and companies, as businesses will be required to keep their stakeholders informed about potentially impactful cybersecurity incidents.
Prior to the implementation of the Final Rules, there were no clear-cut regulations around how and when companies needed to disclose cybersecurity incidents to their stakeholders. Now, the SEC has set clear guidance on this matter. This move will likely encourage companies to ramp up their cybersecurity strategies and measures.
This decision also places a stronger focus on cybersecurity governance. This means that directors and officers of a corporation could face an increased level of accountability and scrutiny. As cybersecurity incidents become a bigger concern for corporations, it’s essential for top brass to take a more proactive approach to managing such risks.
It is clear that the Final Rules will have a significant impact on the way public companies handle cybersecurity incidents and risks. Going forward, these businesses will need to place cybersecurity at the forefront of their operational strategy. As the SEC is raising the bar for disclosure and transparency, businesses will need to ensure they are fully compliant and prepared for this change.