SEC Issues Rules on Cybersecurity Reporting Obligations

On July 26, the Securities and Exchange Commission (SEC) issued new rules adding cybersecurity disclosures for public companies in three areas: cybersecurity incidents, governance, and risk management and strategy. The new rules require a company to (1) report material cybersecurity incidents within four business days and (2) include in their annual report information about how it manages material risks from cybersecurity threats and what role leadership plays in addressing cybersecurity issues.

Learn more about the rules in the latest issue of the Privacy and Data Security Client Alert >>