The U.S. Securities and Exchange Commission has proposed new amendments to its rules on cybersecurity disclosures by public companies. Expanding on the SEC's previously issued interpretive guidance from 2018, the proposed rules would “strengthen investors' ability to evaluate public companies' cybersecurity practices and incident reporting.”
With cybersecurity threats continuing to garner headlines, it is imperative that investors have insight into how companies protect themselves and their company information from malicious or bad actors. While many companies disclose cybersecurity data, it is critical to have consistent guidelines for companies to follow.
If adopted, these rules would require public companies to disclose the following:
- Regular Cadence on Cyber Incidents: Cybersecurity incident reporting that occurs within the first four days of an incident
- Risk Management, Strategy and Governance: Annual reporting of company strategy, policy and procedures on risk management, and governance practices
- In-House Cybersecurity Expertise: Reporting on senior management and board member cybersecurity expertise
In addition, these proposed amendments would require companies to tag the key incidents in the form of Inline XBRL in accordance with Rule 405 of Regulation S-T and the EDGAR Filer Manual. This will allow investors and other market participants to “more efficiently perform large-scale analysis and comparison of this information across [companies] and time periods.”
According to SEC chair Gary Gensler, these proposed rules would help to strengthen investors’ abilities to evaluate public companies by requiring information to be disclosed in a “consistent, comparable and decision-useful manner.”
More information will become available in early May. Until then, DFIN is ready to help companies address these proposed disclosures. As your trusted advisor on all things related to regulation, security, and compliance, we can help you stay prepared and protected.
DFIN will continue to provide you with the latest updates to ensure that you are ready for whatever comes next. Continue to watch this space.