SlideShare a Scribd company logo

SEC Cybersecurity Rule.pdf

Internet Law Center
Internet Law Center

SEC Rule Requiring Disclosures of Cyber Events.

Law
1 of 2
Download to read offline
FACT SHEET Public Company Cybersecurity Disclosures; Final Rules U.S. SECURITIES AND EXCHANGE COMMISSION PAGE 1 OF 2 Background In March 2022, the Commission proposed new rules, rule amendments, and form amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. The Commission observed that cybersecurity threats and incidents pose an ongoing and escalating risk to public companies, investors, and market participants. It noted that cybersecurity risks have increased alongside the digitalization of registrants’ operations, the growth of remote work, the ability of criminals to monetize cybersecurity incidents, the use of digital payments, and the increasing reliance on third party service providers for information technology services, including cloud computing technology. The Commission also observed that the cost to companies and their investors of cybersecurity incidents is rising and doing so at an increasing rate. All of these trends underscored the need for improved disclosure. The proposal followed on interpretive guidance issued by Commission staff in 2011 and by the Commission in 2018 on the application of existing disclosure requirements to cybersecurity risk and incidents. Although registrants’ disclosures of material cybersecurity incidents and cybersecurity risk management and governance have improved since the 2011 and 2018 guidance, disclosure practices are inconsistent, necessitating new rules. The proposal was intended to result in consistent, comparable, and decision-useful disclosures that would allow investors to evaluate registrants’ exposure to material cybersecurity risks and incidents as well as registrants’ ability to manage and mitigate those risks. What’s Required New Form 8-K Item 1.05 will require registrants to disclose any cybersecurity incident they determine to be material and describe the material aspects of the nature, scope, and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the registrant, including its financial condition and results of operations. The Securities and Exchange Commission adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports.
FACT SHEET | Public Company Cybersecurity Disclosures; Final Rules U.S. SECURITIES AND EXCHANGE COMMISSION PAGE 2 OF 2 Registrants must determine the materiality of an incident without unreasonable delay following discovery and, if the incident is determined material, file an Item 1.05 Form 8-K generally within four business days of such determination. The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing. If the Attorney General indicates that further delay is necessary, the Commission will consider additional requests for delay and may grant such relief through possible exemptive orders. New Regulation S-K Item 106 will require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant. Item 106 will also require registrants to describe the board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats. Form 6-K will be amended to require foreign private issuers to furnish information on material cybersecurity incidents that they make or are required to make public or otherwise disclose in a foreign jurisdiction to any stock exchange or to security holders. Form 20-F will be amended to require that foreign private issuers make periodic disclosure comparable to that required in new Regulation S-K Item 106. What’s Next The final rules will become effective 30 days following publication of the adopting release in the Federal Register. With respect to Regulation S-K Item 106 and the comparable requirements in Form 20-F, all registrants must provide such disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023. With respect to compliance with the incident disclosure requirements in Form 8-K Item 1.05 and in Form 6- K, all registrants other than smaller reporting companies must begin complying on the later of 90 days after the date of publication in the Federal Register or December 18, 2023. Smaller reporting companies will have an additional 180 days and must begin complying with Form 8-K Item 1.05 on the later of 270 days from the effective date of the rules or June 15, 2024. With respect to compliance with the structured data requirements, all registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after initial compliance with the related disclosure requirement.

Recommended

ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21
ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21
ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21MichelleBond14
 
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...Cummings
 
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021Dawn Yankeelov
 
Amla
AmlaAmla
Amlaelizaveta_ell
 
Staff Report on Algorithmic Trading in US Capital Markets
Staff Report on Algorithmic Trading in US Capital MarketsStaff Report on Algorithmic Trading in US Capital Markets
Staff Report on Algorithmic Trading in US Capital Marketsmustafa sarac
 
CTEK-Investor-Presentation-May-2021-1.pptx
CTEK-Investor-Presentation-May-2021-1.pptxCTEK-Investor-Presentation-May-2021-1.pptx
CTEK-Investor-Presentation-May-2021-1.pptxZharfanHanif
 
QMV Pensions & Superannuation Regulatory Update - September 2018
QMV Pensions & Superannuation Regulatory Update - September 2018QMV Pensions & Superannuation Regulatory Update - September 2018
QMV Pensions & Superannuation Regulatory Update - September 2018Jonathan Steffanoni
 
Legal shorts 1.11.13 including how to start a fund and the future of the in...
Legal shorts 1.11.13 including how to start a fund and the future of the in...Legal shorts 1.11.13 including how to start a fund and the future of the in...
Legal shorts 1.11.13 including how to start a fund and the future of the in...Cummings
 

Recommended

ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21
ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21
ADAM - FinCEN Comment Letter on Unhosted Wallets, 1.4.21MichelleBond14
 
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...
Legal Shorts 11.12.15 including FCA makes changes to GABRIEL and FCA roundtab...Cummings
 
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021Dawn Yankeelov
 
Amla
AmlaAmla
Amlaelizaveta_ell
 
Staff Report on Algorithmic Trading in US Capital Markets
Staff Report on Algorithmic Trading in US Capital MarketsStaff Report on Algorithmic Trading in US Capital Markets
Staff Report on Algorithmic Trading in US Capital Marketsmustafa sarac
 
CTEK-Investor-Presentation-May-2021-1.pptx
CTEK-Investor-Presentation-May-2021-1.pptxCTEK-Investor-Presentation-May-2021-1.pptx
CTEK-Investor-Presentation-May-2021-1.pptxZharfanHanif
 
QMV Pensions & Superannuation Regulatory Update - September 2018
QMV Pensions & Superannuation Regulatory Update - September 2018QMV Pensions & Superannuation Regulatory Update - September 2018
QMV Pensions & Superannuation Regulatory Update - September 2018Jonathan Steffanoni
 
Legal shorts 1.11.13 including how to start a fund and the future of the in...
Legal shorts 1.11.13 including how to start a fund and the future of the in...Legal shorts 1.11.13 including how to start a fund and the future of the in...
Legal shorts 1.11.13 including how to start a fund and the future of the in...Cummings
 
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementationLegal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementationCummings
 
Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019Initio
 
EY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurityEY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurityJulien Boucher
 
The Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated FrameworkThe Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated FrameworkAccenture Insurance
 
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...Aggregage
 
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdfonline Marketing
 
ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives ssuser382ff5
 
Cyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptxCyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptxSourabhNath4
 
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...Kullarat Phongsathaporn
 
FFIEC overview
FFIEC overviewFFIEC overview
FFIEC overviewMatilda Barbayanni
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingNIIT Technologies
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies
 
A summary of Solvency II Directives
A summary of Solvency II DirectivesA summary of Solvency II Directives
A summary of Solvency II DirectivesHEXANIKA
 
A summary of solvency ii directives
A summary of solvency ii directivesA summary of solvency ii directives
A summary of solvency ii directivesYogesh Pandit
 
2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice Guide2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice GuideBenjamin Tugendstein
 
TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)JasonSchupp1
 
Investor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website versionInvestor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website versionsynacor2016ir
 
Regulatory Focus April 2018
Regulatory Focus April 2018Regulatory Focus April 2018
Regulatory Focus April 2018Duff & Phelps
 
Kaibac 10 m md mcb investment
Kaibac 10 m md mcb investmentKaibac 10 m md mcb investment
Kaibac 10 m md mcb investmentsmith s
 
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...Ethical Sector
 
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdfBlueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdfInternet Law Center
 
Blueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdfBlueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdfInternet Law Center
 

More Related Content

Similar to SEC Cybersecurity Rule.pdf

Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementationLegal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementationCummings
 
Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019Initio
 
EY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurityEY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurityJulien Boucher
 
The Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated FrameworkThe Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated FrameworkAccenture Insurance
 
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...Aggregage
 
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdfonline Marketing
 
ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives ssuser382ff5
 
Cyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptxCyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptxSourabhNath4
 
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...Kullarat Phongsathaporn
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingNIIT Technologies
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies
 
A summary of Solvency II Directives
A summary of Solvency II DirectivesA summary of Solvency II Directives
A summary of Solvency II DirectivesHEXANIKA
 
A summary of solvency ii directives
A summary of solvency ii directivesA summary of solvency ii directives
A summary of solvency ii directivesYogesh Pandit
 
2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice Guide2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice GuideBenjamin Tugendstein
 
TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)JasonSchupp1
 
Investor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website versionInvestor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website versionsynacor2016ir
 
Regulatory Focus April 2018
Regulatory Focus April 2018Regulatory Focus April 2018
Regulatory Focus April 2018Duff & Phelps
 
Kaibac 10 m md mcb investment
Kaibac 10 m md mcb investmentKaibac 10 m md mcb investment
Kaibac 10 m md mcb investmentsmith s
 
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...Ethical Sector
 

Similar to SEC Cybersecurity Rule.pdf (20)

Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementationLegal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
Legal shorts 14.11.13 including AIFMD proportionality and EMIR implementation
 
Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019Initio Regulatory newsletter august 2019
Initio Regulatory newsletter august 2019
 
EY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurityEY thought leadership - SEC issues guidance on cybersecurity
EY thought leadership - SEC issues guidance on cybersecurity
 
The Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated FrameworkThe Insurance Reporting Challenge: Building an Integrated Framework
The Insurance Reporting Challenge: Building an Integrated Framework
 
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implication...
 
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
7 Compliance & Financial Crime Trends for 2023 - Lucinity.pdf
 
ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives ICT Risk Management and ICT third party risk Objectives
ICT Risk Management and ICT third party risk Objectives
 
Cyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptxCyber Security Unit laws_and_regulatory_requirements.pptx
Cyber Security Unit laws_and_regulatory_requirements.pptx
 
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23...
 
FFIEC overview
FFIEC overviewFFIEC overview
FFIEC overview
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory Reporting
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reporting
 
A summary of Solvency II Directives
A summary of Solvency II DirectivesA summary of Solvency II Directives
A summary of Solvency II Directives
 
A summary of solvency ii directives
A summary of solvency ii directivesA summary of solvency ii directives
A summary of solvency ii directives
 
2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice Guide2020 SEC Whistleblower Practice Guide
2020 SEC Whistleblower Practice Guide
 
TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)
 
Investor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website versionInvestor deck may 2018 needham et presentation and website version
Investor deck may 2018 needham et presentation and website version
 
Regulatory Focus April 2018
Regulatory Focus April 2018Regulatory Focus April 2018
Regulatory Focus April 2018
 
Kaibac 10 m md mcb investment
Kaibac 10 m md mcb investmentKaibac 10 m md mcb investment
Kaibac 10 m md mcb investment
 
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
Corporate Disclosure in Myanmar – Regulatory Requirements and Sustainability ...
 

More from Internet Law Center

Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdfBlueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdfInternet Law Center
 
Blueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdfBlueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdfInternet Law Center
 
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...Internet Law Center
 
Oregon Data Broker Law eff 2024.pdf
Oregon Data Broker Law eff 2024.pdfOregon Data Broker Law eff 2024.pdf
Oregon Data Broker Law eff 2024.pdfInternet Law Center
 
Generative Artificial Intelligence and Data Privacy: A Primer
Generative Artificial Intelligence and Data Privacy: A Primer Generative Artificial Intelligence and Data Privacy: A Primer
Generative Artificial Intelligence and Data Privacy: A Primer Internet Law Center
 
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfBipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfInternet Law Center
 
ECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionInternet Law Center
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyInternet Law Center
 
Cyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinCyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinInternet Law Center
 
Data Privacy Day - Five Ways to Help Employees be Privacy Aware
Data Privacy Day - Five Ways to Help Employees be Privacy AwareData Privacy Day - Five Ways to Help Employees be Privacy Aware
Data Privacy Day - Five Ways to Help Employees be Privacy AwareInternet Law Center
 
Cyber Report: A New Year with New Laws
Cyber Report: A New Year with New LawsCyber Report: A New Year with New Laws
Cyber Report: A New Year with New LawsInternet Law Center
 
Dumpson v-Ade-opinion-on-default-judgment (1)
Dumpson v-Ade-opinion-on-default-judgment (1)Dumpson v-Ade-opinion-on-default-judgment (1)
Dumpson v-Ade-opinion-on-default-judgment (1)Internet Law Center
 

More from Internet Law Center (20)

Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdfBlueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
Blueprint for an AI Bill of Rights _ OSTP _ The White House.pdf
 
Blueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdfBlueprint-for-an-AI-Bill-of-Rights.pdf
Blueprint-for-an-AI-Bill-of-Rights.pdf
 
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...
FACT SHEET_ Biden-Harris Administration Secures Voluntary Commitments from Le...
 
Oregon Data Broker Law eff 2024.pdf
Oregon Data Broker Law eff 2024.pdfOregon Data Broker Law eff 2024.pdf
Oregon Data Broker Law eff 2024.pdf
 
Generative Artificial Intelligence and Data Privacy: A Primer
Generative Artificial Intelligence and Data Privacy: A Primer Generative Artificial Intelligence and Data Privacy: A Primer
Generative Artificial Intelligence and Data Privacy: A Primer
 
CCPA proposed privacy regs.pdf
CCPA proposed privacy regs.pdfCCPA proposed privacy regs.pdf
CCPA proposed privacy regs.pdf
 
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfBipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
 
20200724 edpb faqoncjeuc31118
20200724 edpb faqoncjeuc3111820200724 edpb faqoncjeuc31118
20200724 edpb faqoncjeuc31118
 
ECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II DecisionECJ Press Release in Schrems II Decision
ECJ Press Release in Schrems II Decision
 
The Road to Schrems II
The Road to Schrems IIThe Road to Schrems II
The Road to Schrems II
 
Cyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH EconomyCyber Security Basics for the WFH Economy
Cyber Security Basics for the WFH Economy
 
FIFA Indictment
FIFA IndictmentFIFA Indictment
FIFA Indictment
 
Cyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinCyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletin
 
Data Privacy Day 2020
Data Privacy Day 2020Data Privacy Day 2020
Data Privacy Day 2020
 
Data Privacy Day - Five Ways to Help Employees be Privacy Aware
Data Privacy Day - Five Ways to Help Employees be Privacy AwareData Privacy Day - Five Ways to Help Employees be Privacy Aware
Data Privacy Day - Five Ways to Help Employees be Privacy Aware
 
Cyber Report: A New Year with New Laws
Cyber Report: A New Year with New LawsCyber Report: A New Year with New Laws
Cyber Report: A New Year with New Laws
 
Cal AB 5 - CHAPTER 296
Cal AB 5 - CHAPTER 296Cal AB 5 - CHAPTER 296
Cal AB 5 - CHAPTER 296
 
FTC's Influencer Guide
FTC's Influencer GuideFTC's Influencer Guide
FTC's Influencer Guide
 
Dumpson v-Ade-opinion-on-default-judgment (1)
Dumpson v-Ade-opinion-on-default-judgment (1)Dumpson v-Ade-opinion-on-default-judgment (1)
Dumpson v-Ade-opinion-on-default-judgment (1)
 
Good jobs first backgrounder
Good jobs first backgrounderGood jobs first backgrounder
Good jobs first backgrounder
 

Recently uploaded

VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书Fir L
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书FS LS
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxKUHANARASARATNAM1
 
Indian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxIndian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxSauravAnand68
 
Sports Writing for PISAYyyyyyyyyyyyyyy.pptx
Sports Writing for PISAYyyyyyyyyyyyyyy.pptxSports Writing for PISAYyyyyyyyyyyyyyy.pptx
Sports Writing for PISAYyyyyyyyyyyyyyy.pptxmarielouisetulaytay
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书srst S
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书FS LS
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书SD DS
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 

Recently uploaded (20)

VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
Indian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxIndian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptx
 
Sports Writing for PISAYyyyyyyyyyyyyyy.pptx
Sports Writing for PISAYyyyyyyyyyyyyyy.pptxSports Writing for PISAYyyyyyyyyyyyyyy.pptx
Sports Writing for PISAYyyyyyyyyyyyyyy.pptx
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 

SEC Cybersecurity Rule.pdf

  • 1. FACT SHEET Public Company Cybersecurity Disclosures; Final Rules U.S. SECURITIES AND EXCHANGE COMMISSION PAGE 1 OF 2 Background In March 2022, the Commission proposed new rules, rule amendments, and form amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. The Commission observed that cybersecurity threats and incidents pose an ongoing and escalating risk to public companies, investors, and market participants. It noted that cybersecurity risks have increased alongside the digitalization of registrants’ operations, the growth of remote work, the ability of criminals to monetize cybersecurity incidents, the use of digital payments, and the increasing reliance on third party service providers for information technology services, including cloud computing technology. The Commission also observed that the cost to companies and their investors of cybersecurity incidents is rising and doing so at an increasing rate. All of these trends underscored the need for improved disclosure. The proposal followed on interpretive guidance issued by Commission staff in 2011 and by the Commission in 2018 on the application of existing disclosure requirements to cybersecurity risk and incidents. Although registrants’ disclosures of material cybersecurity incidents and cybersecurity risk management and governance have improved since the 2011 and 2018 guidance, disclosure practices are inconsistent, necessitating new rules. The proposal was intended to result in consistent, comparable, and decision-useful disclosures that would allow investors to evaluate registrants’ exposure to material cybersecurity risks and incidents as well as registrants’ ability to manage and mitigate those risks. What’s Required New Form 8-K Item 1.05 will require registrants to disclose any cybersecurity incident they determine to be material and describe the material aspects of the nature, scope, and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the registrant, including its financial condition and results of operations. The Securities and Exchange Commission adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports.
  • 2. FACT SHEET | Public Company Cybersecurity Disclosures; Final Rules U.S. SECURITIES AND EXCHANGE COMMISSION PAGE 2 OF 2 Registrants must determine the materiality of an incident without unreasonable delay following discovery and, if the incident is determined material, file an Item 1.05 Form 8-K generally within four business days of such determination. The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing. If the Attorney General indicates that further delay is necessary, the Commission will consider additional requests for delay and may grant such relief through possible exemptive orders. New Regulation S-K Item 106 will require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the registrant. Item 106 will also require registrants to describe the board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats. Form 6-K will be amended to require foreign private issuers to furnish information on material cybersecurity incidents that they make or are required to make public or otherwise disclose in a foreign jurisdiction to any stock exchange or to security holders. Form 20-F will be amended to require that foreign private issuers make periodic disclosure comparable to that required in new Regulation S-K Item 106. What’s Next The final rules will become effective 30 days following publication of the adopting release in the Federal Register. With respect to Regulation S-K Item 106 and the comparable requirements in Form 20-F, all registrants must provide such disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023. With respect to compliance with the incident disclosure requirements in Form 8-K Item 1.05 and in Form 6- K, all registrants other than smaller reporting companies must begin complying on the later of 90 days after the date of publication in the Federal Register or December 18, 2023. Smaller reporting companies will have an additional 180 days and must begin complying with Form 8-K Item 1.05 on the later of 270 days from the effective date of the rules or June 15, 2024. With respect to compliance with the structured data requirements, all registrants must tag disclosures required under the final rules in Inline XBRL beginning one year after initial compliance with the related disclosure requirement.