SEC Publishes Public Company Cybersecurity Disclosure Final Rule
– Scott A. Carlson and Adam Isles
The U.S. Securities and Exchange Commission (SEC) recently published its much-anticipated final rule regarding public company cybersecurity disclosures. The final rule was developed in response to growing cyber threats facing public companies, and is intended to provide more insight into how publicly traded companies manage their cybersecurity risks. The disclosures mandated by the rule are intended to provide investors with the information they need to make informed investment decisions and encourage companies to strengthen their cyber risk management practices. Under the rule, public companies must disclose material cyber risks and incidents, as well as describe their cybersecurity policies and procedures. Specifically, public companies must disclose the following information: •Description of the company’s cyber risk management strategies, as well as its cyber incident policies and procedures. •Description of any material cyber incidents that have occurred during the last fiscal year. •Description of material cyber risks that could potentially have a negative impact on company operations. •Description of how the company is addressing these material cyber risks through existing or newly implemented policies and procedures. •Description of any investments that the company has made in cyber security for the current and previous fiscal years. Additionally, the SEC has created a new requirement that requires public companies to disclose the qualifications and
Link: https://www.lexblog.com/2023/08/01/sec-publishes-public-company-cybersecurity-disclosure-final-rule/