In September, the Securities Exchange Commission’s new Cybersecurity Rule for reporting public companies became effective. The SEC Cybersecurity Rule applies to public companies and generally requires (1) disclosure of material cybersecurity incidents on Form 8K within four days, (2) the firm’s risk assessment and management efforts, and (3) management’s involvement and board’s oversight of these issues. It became effective Sept. 5, 2023, but has various compliance dates depending upon particular issues and company size. Exchange Act Release No. 97989 is here.
Posts from September 2023.