SEC Adopts New Cybersecurity Rules

Shutts & Bowen LLP

In yet another indication of the increasing weight being given by government officials to cybersecurity, on July 26, 2023, the Securities and Exchange Commission adopted new rules requiring public companies to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The SEC also adopted rules requiring foreign private issuers to make comparable disclosures.

The SEC’s new rules are designed to help investors make informed investment decisions by providing them with more information about the cybersecurity risks facing public companies. The rules also encourage public companies to take steps to improve their cybersecurity measures. The new rules, which have been in the works since March 2022, will go into effect on December 1, 2023.

The new rules will require public companies to disclose cybersecurity incidents within four business days after the company determines that the incident is material, meaning one that is likely to have a significant impact on the company’s business, financial condition, or operations. Additionally, the new rules require public companies to describe their processes for assessing, identifying, and managing materials risks from cybersecurity threats, as well as the material effects of risks from cybersecurity threats and previous incidents.  Further, the new rules also require public companies to describe the board of directors’ oversight of risks from cybersecurity threats, as well as management’s role and expertise in assessing and managing material risks from cybersecurity threats.

While these new rules only apply to public companies, they signal a general increased emphasis on governmental supervision in the realm of cybersecurity. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Shutts & Bowen LLP | Attorney Advertising

Written by:

Shutts & Bowen LLP

Shutts & Bowen LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide