SEC's New Cybersecurity Disclosure Rules Now in Effect

Article

In September, the Securities Exchange Commission’s new Cybersecurity Rule for reporting public companies became effective. The SEC Cybersecurity Rule applies to public companies and generally requires (1) disclosure of material cybersecurity incidents on Form 8K within four days, (2) the firm’s risk assessment and management efforts, and (3) management’s involvement and board’s oversight of these issues. It became effective Sept. 5, 2023, but has various compliance dates depending upon particular issues and company size. Exchange Act Release No. 97989 is here.

The SEC has a pending rule proposal that would impose similar requirements upon Wall Street firms. The industry cybersecurity rule, if adopted, generally will require (1) written policies and procedures to assess and manage cybersecurity risks and incidents, (2) immediate notice to the SEC of “significant incidents,” and (3) public disclosures to provide greater transparency around cybersecurity risks. The Proposal, Exchange Act Release No. 97142, is here.

In its Sept. 27 Corporate Notice, the Financial Industry Regulatory Authority (“FINRA”) shined a light on its various cybersecurity efforts. FINRA recently updated its Small Firm Cybersecurity Checklist – a resource for firms establishing or assessing their cybersecurity programs. 

FINRA also offers a Firm Checklist for Compromised Accounts. General resources are collected on FINRA’s Cybersecurity topic page.

Burr
Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.


Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.