Author: Julia Armstrong
August 02, 2023
On July 26, the U.S. Securities and Exchange Commission (SEC) formally approved and adopted new cybersecurity disclosure rules for public companies. First proposed on March 9, 2022, and then closed and reopened several times for comment periods through May 2023, the highly anticipated new rules require registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance. Foreign private issuers are also required to make comparable disclosures.