Risks, opportunities under SEC’s cyber incident disclosure rule
By 
Adrianne Appel2023-08-02T19:57:00
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s (SEC) newly approved cybersecurity incident disclosure rule.
The intent of the 186-page final rule, adopted last week, is to make more information about material cybersecurity incidents available to investors—and quicker.
The rule follows guidance the SEC issued on cybersecurity incident disclosures in 2011 and 2018. While risk reporting and management have improved since then, disclosure practices across companies are “inconsistent,” which the new policy aims to address, the agency said in a fact sheet.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
AnalysisAfter fighting the good fight, here’s how you know it’s time to leave a company
As conversations about corporate accountability increasingly turn to include questions about “tone from the top” and the responsibility of senior leadership and boards of directors, compliance professionals are increasingly discussing what to do when they see executive wrongdoing. The answer, one panelist who’d help lead a multinational company said, is ...
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
-
News BriefCISA teases cyber incident reporting rule for critical infrastructure
Financial businesses and other critical infrastructure entities would have to report significant cybersecurity and ransomware incidents to the federal government under a new rule that will be proposed by the Cybersecurity and Infrastructure Security Agency.
More from Regulatory Policy
-
ArticleU.K. Employment Rights Act will lead to rise in tribunal claims
The number of U.K. employment tribunal cases could rise following reforms in the Employment Rights Act 2025. Several changes take effect this year, including shorter unfair dismissal qualifying periods, day-one worker rights, stronger protections for pregnant women, and an end to exploitative contracts.
-
ArticleU.K. government scraps long-awaited audit reforms to prioritize growth
Long-awaited reforms to the U.K. audit regime have been “scrapped” from the government’s legislative plans. The decision has led to an outburst of disappointment and frustration from audit bodies and pension funds that argued the reforms would increase trust in companies and support growth.
-
News BriefCFPB, DOJ withdraw guidance to lenders considering borrowers’ immigration status
Two months after the U.S. Consumer Financial Protection Bureau proposed a rule change to narrow anti-discrimination requirements for lenders, it has reversed previous guidance on noncitizen customers looking to borrow.