The SEC has scheduled an open meeting on Wednesday to decide on the adoption of eagerly anticipated cybersecurity incident and governance reporting rules. If the agency adopts rules that align with what it proposed last year, the rules are likely to mandate that public companies disclose material cybersecurity incidents promptly upon identification. Additionally, they are expected to require annual disclosures about cybersecurity risk management, strategy and governance at the board and management level. We anticipate the agency will release final rules after the meeting, after which we will provide a comprehensive alert with full details. Want to watch the meeting? The SEC’s agenda has details on how to do that.
- How-to guide How-to guide: How to manage your organization’s data privacy and security risks (USA)
- How-to guide How-to guide: How to develop a vulnerability disclosure program (VDP) for your organization to ensure cybersecurity (USA)
- How-to guide How-to guide: How to develop, implement and maintain a US information and data security compliance program (USA)