SEC Pulse Header NEW-1

SEC Proposes Rules on Cybersecurity Governance and Disclosure by Public Companies

Posted by Howard Berkenblit on March 9, 2022 at 4:08 PM

The SEC today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

The proposed amendments would require, among other things, current reporting on a Form 8-K about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents, as well as reporting when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate.

The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors' oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any. The new disclosure would also need to be tagged with XBRL.

Topics: cybersecurity, Form 8-K

Sullivan 4c

About the Blog


The SEC Pulse provides updates and commentary from our Capital Markets Group on issues affecting publicly traded and privately owned businesses, investment banks and foreign companies who trade or raise capital in the United States, and boards of directors and company officers in securities transactions and corporate governance matters.

The material on this site is for general information only and is not legal advice. No liability is accepted for any loss or damage which may result from reliance on it. Always consult a qualified lawyer about a specific legal problem.

Subscribe to Blog

Recent Posts

Posts by Topic

see all