The Securities and Exchange Commission (SEC) has recently instituted new rules pertaining to cybersecurity disclosure. These are particularly relevant to Canadian issuers that are reporting issuers with the SEC. This latest regulatory shift marks a critical update for many international corporations and legal firms providing counsel on regulatory compliance.
The new rules are found to be associated with the disclosure requirements regarding cybersecurity risk management, strategy, governance, and incidents. This underscores the growing emphasis being placed on the integration of proper cybersecurity measures in the operational structure of the business sector. Such requirements play a crucial role in providing investors and stakeholders with essential information about a company’s risk management strategies and cybersecurity protocols.
Specifically, these requirements are founded on the principle of transparency. The SEC believes that corporations should not only augment their defenses against cyberattacks but should also ensure that they transparently communicate their cybersecurity strategies. This benefits all parties involved, from stakeholders to customers, by providing them a clearer understanding of the company’s security protocols and the inherent risks associated thereto.
It is also important to note that, apart from the transparency it upholds, the requirement for disclosure may indirectly propel a company’s growth. An enterprise can leverage the necessary knowledge and information obtained from these processes to fortify its cybersecurity measures, thereby deterring potential cyber threats and simultaneously improving the company’s reputation among customers and investors alike.
While these changes are undoubtedly crucial for corporations to understand and implement, they may also be a complex translation for those not well-versed in the jargon of cybersecurity and regulatory compliance. It is therefore recommended that corporations consult with a well-informed legal counsel to guide them through these changes and to ensure that they are in compliance with these regulations.
For a more comprehensive understanding of these new SEC cybersecurity disclosure rules, the detailed report by Dorsey & Whitney LLP, expert counsels in the field, can be accessed here.