Proposed Rules From the SEC Intended to Enhance Public Company Disclosures About Cybersecurity Risks

Proposed Rules From the SEC Intended to Enhance Public Company Disclosures About Cybersecurity Risks

Insight Blog
On March 9, 2022, the Securities and Exchange Commission proposed rules that are intended to enhance disclosures about cybersecurity risk management, strategy, governance, and incident reporting by public companies.  If adopted as proposed, the rules will dramatically impact the way public companies, boards, and management disclose cyber incidents and matters relating to their cybersecurity oversight (including board and management expertise).  The proposed rules represent a significant expansion of current SEC guidance, which dates back to 2011 and 2018, and if adopted as released, will likely lead to operational and governance changes for many businesses.  For more detailed information about the proposed rules, see this post on our Focus on Audit Committees, Accounting and the Law blog.

More from this series