New SEC Cybersecurity Disclosure Rules

New SEC Cybersecurity Disclosure Rules

Blog WilmerHale Privacy and Cybersecurity Law
On July 26, 2023, the Securities and Exchange Commission (the “SEC”), voted to adopt new rules for public companies that will require disclosures regarding “material” cybersecurity incidents, as well as cybersecurity risk management, strategy, and governance. The new rules include both current and periodic reporting requirements, and marks a significant expansion in the way that public companies make disclosures relating to cybersecurity. The new rules will become effective 30 days from publication in the Federal Register and will apply broadly to all public companies, including foreign private issuers, emerging growth companies and smaller reporting companies. 

For additional discussion of some key rule highlights, see this post on our Focus on Audit Committees, Accounting and the Law blog. Given the interdisciplinary nature of cybersecurity issues, we are working closely with our corporate disclosure colleagues to develop recommendations on steps companies should take in response to the new requirements and look forward to sharing our collective thoughts in a forthcoming client alert.


More from this series


Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.