SEC Adopts New Rules for Disclosure of Cybersecurity Incidents


New rules involve immediate and annual reporting requirements.

The U.S. Securities and Exchange Commission (SEC) has adopted new rules for disclosure of cybersecurity incidents and risk management by publicly traded companies.

Under the new requirements, registrants must:

  • Disclose any cybersecurity incident that they “determine to be material and to describe the material aspects of the incident's nature, scope, and timing” as well as the incident’s material impact within four days.
  • Annually disclose their processes, if any, “for assessing, identifying, and managing material risks from cybersecurity threats.”
  • Annually describe the “board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats.”

The SEC will also require foreign private issuers to make comparable disclosures. The rules “will benefit investors, companies, and the markets connecting them,” says SEC Chair Gary Gensler.



