Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write:
Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed rules in question address disclosure requirements regarding cybersecurity governance and cybersecurity incidents at publicly traded companies and registered investment advisers and funds.
Read more at InsidePrivacy.