Risks, opportunities under SEC’s cyber incident disclosure rule


The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s (SEC) newly approved cybersecurity incident disclosure rule.

The intent of the 186-page final rule, adopted last week, is to make more information about material cybersecurity incidents available to investors—and quicker.

The rule follows guidance the SEC issued on cybersecurity incident disclosures in 2011 and 2018. While risk reporting and management have improved since then, disclosure practices across companies are “inconsistent,” which the new policy aims to address, the agency said in a fact sheet.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.