Public companies should take note of proposed SEC cybersecurity disclosure requirements and shore up their incident reporting programs.
Cybercrime has become increasingly costly for businesses of all sizes and for their investors. High-profile security breaches at large publicly traded companies have made it clear to the public that many – if not most – organizations are vulnerable.
Because of the increased risks cyber incidents pose to investors, on March 9, 2022, the Securities and Exchange Commission (SEC) proposed new cybersecurity disclosure requirements intended to increase the transparency of publicly traded organizations’ cybersecurity practices to their investors. The new rules would require public companies to disclose material cybersecurity incidents and report on their cybersecurity management practices and board oversight. Organizations should consider taking steps now to improve or refine their reporting processes in anticipation of the final rule.