The Securities and Exchange Commission (SEC) is kicking the tires on new cybersecurity and data privacy disclosure requirements for investment companies, investment advisers, broker-dealers, and public companies.
In a speech delivered Monday at the Northwestern Pritzker School of Law’s annual Securities Regulation Institute conference, SEC Chair Gary Gensler laid out potential rule changes he said would strengthen existing cybersecurity hygiene and incident reporting disclosures for financial sector participants; enhance disclosures made to clients and customers regarding data breaches; and enhance existing cyber risk disclosure requirements for public companies, with a goal of increasing the transparency of their cybersecurity practices.
