Public companies face significant challenges and uncertainties under the new reporting requirements that took effect December 18, 2023. On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted much-anticipated cybersecurity rules that apply to U.S. SEC reporting companies as well as most foreign private issuers. In adopting the final rules, the SEC noted the rising prevalence and gravity of cybersecurity threats and incidents, and investors' need for more timely, reliable and uniform disclosures. The SEC also cited the economic costs resulting from cybersecurity incidents, and increasing reliance on electronic systems that are susceptible to cybersecurity breaches and unknown vulnerabilities. Under the new rules, reporting companies must have, among other things, board and management-level governance structures, controls and procedures to manage cybersecurity risks, and should a material cybersecurity attack be detected, the rules require disclosure of the incident.
CGR Memo - New SEC Cyber Incident Disclosure Requirements Take Effect.pdf (pdf | 258.77 KB )
To subscribe to Cahill Publications Click Here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.