In a move aimed at increasing transparency, the Securities and Exchange Commission (SEC) introduced new cybersecurity protocols on July 26, 2023, as reported on JD Supra. This action impacts public company registrants registered with the SEC, including insurance companies with two major stipulations.
The first major impact of this is that registrants must disclose material cybersecurity incidents promptly on Form 8-K. Traditionally, disclosures were not required by the SEC unless the incident was considered a material event.
The second provision underscores the importance of proactive cybersecurity measures. Registrants must now disclose fresh information regarding cyber risk management, their strategy, and governance as part of their annual disclosures. This element helps inform investors about the more significant aspects of a company’s cybersecurity response readiness and strategies in place to address and mitigate cybersecurity risks.
Notably, these requirements do not extend to investment company registrants, highlighting how the measures target specific sectors within the financial landscape.
The adoption of these new rules underscores the increasing importance of cybersecurity in an ever-evolving digital landscape, and more critically, the role of disclosure in promoting informed investment decisions.