March 16, 2022

Last week, the SEC proposed rule amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules include an amendment to Form 8-K that would require public companies to disclose a cybersecurity incident within four business days following the company’s determination that the incident is material to the company. The proposed rules also include a series of new disclosure obligations regarding risk management and governance that appear designed to encourage improvements in what companies are actually doing to address these risks. This alert summarizes the key takeaways from the proposed amendments.

To read the full alert, click here.