Insights

Client Alert

The SEC Adopts Cybersecurity Disclosure Regime for Public Companies

July 26, 2023

By Sean Donahue,Brad Bondi,Aaron Charfoos,Kenneth P. Herzinger,Spencer Francis Young,& Jeremy Berkowitz

Share

On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules reflect a less stringent regime than initially proposed. The amendments call for (1) real-time disclosure of cybersecurity incidents on Form 8-K or Form 6-K, as applicable, and (2) annual disclosure of an issuer’s cybersecurity risk assessment processes and the respective roles of its board of directors and management in overseeing and managing cybersecurity threats. Companies should be preparing now for the rules’ coming effectiveness.

Click here for a PDF of the full text

READ NEXT

Daily Financial Regulation Update -- Wednesday, August 2, 2023

August 02, 2023

Contributors

Partner, Corporate Department

1(202) 551-1704

Partner, Litigation Department

1(202) 551-1701

Partner, Litigation Department

1(312) 499-6016

Kenneth P. Herzinger

Partner, Litigation Department

1(415) 856-7040

Spencer Francis Young

Senior Practice Group Attorney

1(858) 458-3026

Jeremy Berkowitz

Senior Privacy Director and Deputy Chief Privacy Officer

1(202) 551-1230

Practice Areas

Data Privacy and Cybersecurity

Securities and Capital Markets

For More Information

Image: Sean Donahue

Partner, Corporate Department

1(202) 551-1704

Image: Brad Bondi

Partner, Litigation Department

1(202) 551-1701

Image: Aaron Charfoos

Partner, Litigation Department

1(312) 499-6016

Image: Kenneth P. Herzinger

Kenneth P. Herzinger

Partner, Litigation Department

1(415) 856-7040

Image: Spencer Francis Young

Spencer Francis Young

Senior Practice Group Attorney

1(858) 458-3026

Image: Jeremy Berkowitz

Jeremy Berkowitz

Senior Privacy Director and Deputy Chief Privacy Officer

1(202) 551-1230