This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents.
The rules will impose a number of new requirements, including disclosures regarding:
- Material cybersecurity incidents, which must be made within four (4) business days – a tight timeline