Director of the SEC Division of Corporation Finance Erik Gerding highlighted the rationale and mechanics behind the SEC's new rules on disclosure of cybersecurity policies and related incidents.
News & Insights
Comments on an SEC proposal that would create new cybersecurity risk management and disclosure requirements are due by June 5, 2023.
The SEC proposed a new rule that would require market entities to implement procedures designed to address cybersecurity risk, and a related form for disclosing information about cyber incidents and risks.
Industry groups, regulators and elected officials submitted feedback on the SEC's proposed disclosure requirements regarding cybersecurity risk management, governance, strategy and incident reporting by public companies.
SEC Chair Gary Gensler outlined additional regulatory steps to protect registrants, public companies and service providers against "cybersecurity pitfalls" facing the "financial sector, investors, issuers and the economy at large."