On March 9, 2022, in a highly anticipated meeting, the SEC proposed rules that would require enhanced disclosures about material cybersecurity incidents and public companies’ policies and procedures surrounding cybersecurity risk.
- Require disclosure on Form 8-K of material cybersecurity incidents,
- Require periodic updating of information about previously disclosed incidents, and
- Require periodic disclosures including policies and procedures to identify and manage cybersecurity risks, management’s role in such policies and procedures, and information about board expertise and oversight of cybersecurity risk.
The Proposed Rule will have a comment period of 60 days from publication on the SEC’s website or 30 days after publication in the Federal Register, whichever is longer.
As always, your thoughts and comments are welcome!