New SEC rules on cybersecurity risk management
The US Security and Exchange Commission (SEC) has published new rules regarding cybersecurity risk for public companies and other market participants according to a press release of the SEC. The new rules will require companies which are supervised by the SEC to disclose material cybersecurity incidents they experience to the SEC and to stakeholders as well as to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The SEC also adopted rules requiring foreign private issuers to make comparable disclosures.
The Fact Sheet and Final Rule are now available for companies to peruse and implement.