On March 9, 2022 the SEC proposed rule amendments that would require public companies to report detailed information about material cybersecurity incidents affecting their business and about their cybersecurity risk management and governance. The new requirements are intended to promote standardization of cybersecurity disclosure and the comparability of such disclosure across companies and time periods. The SEC proposes to amend Regulation S-K and Exchange Act forms to require companies to report cybersecurity incidents on Form 8-K within four business days after the company determines the incident is material. Companies would also be required to provide updated disclosures on Forms 10-Q and 10-K about previously disclosed incidents, as well as to disclose in their periodic reports any series of previously undisclosed individually immaterial incidents that has become material in the aggregate.
Please see full publication below for more information.