Category: Cybersecurity

Electronic screens display economic charts and the logo for the Federal Trade Commission
What the SEC's new cybersecurity disclosure rules mean for companies
Noah Jellison
Author Profile
Julia Armstrong
Author Profile
C. Emre Koksal
Author Profile
Cybersecurity
Cyber, Technology, Security, IT Risk, SEC
On July 26, the U.S. Securities and Exchange Commission (SEC) formally approved and adopted new cybersecurity disclosure rules for public companies. First proposed on March 9, 2022, and then closed and reopened several times for comment periods through May 2023, the highly anticipated new rules require registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance. Foreign private issuers are also required to make comparable disclosures.