Micaela McMurrough, Ashden Fein, David H. Engvall, Caleb Skeath, Kerry Burke, and Shayan Karbassi of Covington and Burling write:
According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 meeting will include consideration of adopting rules to enhance disclosures regarding cybersecurity risk management, governance, and incidents by publicly traded companies.
The SEC initially proposed these rules in March 2022. If adopted as proposed, the new rules would require publicly traded companies to publicly disclose a cybersecurity incident within four business days of determining that the incident is material, and to provide disclosure in periodic reports about certain cybersecurity governance practices.
Read more at InsidePrivacy.