Last month, the U.S. Securities and Exchange Commission issued a proposal to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance. Among other changes, the SEC’s proposal would require disclosure about material cybersecurity incidents within four business days and require annual disclosure regarding a registrant’s policies and procedures for identifying and managing cybersecurity risks. The proposal, which has a short window for public comment, requires close consideration by public companies and other SEC registrants.
Please click here to read the full alert memorandum.