left-caret

Rapid Rulemaking: SEC Update

The SEC Adopts Cybersecurity Disclosure Regime for Public Companies

July 26, 2023

By Sean Donahue,Brad Bondi,Aaron Charfoos,Kenneth P. Herzinger,Spencer Francis Young,& Jeremy Berkowitz

On July 26, 2023, the U.S. Securities and Exchange Commission adopted enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and incident reporting for public companies. The final rules reflect a less stringent regime than initially proposed. The amendments call for (1) real-time disclosure of cybersecurity incidents on Form 8-K or Form 6-K, as applicable, and (2) annual disclosure of an issuer’s cybersecurity risk assessment processes and the respective roles of its board of directors and management in overseeing and managing cybersecurity threats. Companies should be preparing now for the rules’ coming effectiveness.

Click here for a PDF of the full text

Practice Areas

Data Privacy and Cybersecurity

Securities and Capital Markets


For More Information

Image: Sean Donahue
Sean Donahue

Partner, Corporate Department

Image: Brad Bondi
Brad Bondi

Partner, Litigation Department

Image: Aaron Charfoos
Aaron Charfoos

Partner, Litigation Department

Image: Kenneth P. Herzinger
Kenneth P. Herzinger

Partner, Litigation Department

Image: Spencer Francis Young
Spencer Francis Young

Senior Practice Group Attorney

Image: Jeremy Berkowitz
Jeremy Berkowitz

Senior Privacy Director and Deputy Chief Privacy Officer