SEC Adopts New Cybersecurity Reporting Rules, Setting Up Various Compliance Challenges
The Securities and Exchange Commission has adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and disclose information about their cybersecurity risk management, strategy, and governance annually, to enhance and standardize disclosure on cybersecurity incidents and internal controls in response to the increasing cybersecurity risks faced by companies and affecting investors.
Philip N. Yannella, April Hamlin, and Kelly M. Duffner wrote this Ballard Spahr alert on the topic, which was republished by PLI. Mr. Yannella co-leads Ballard Spahr's Privacy and Data Security Group, and Ms. Hamlin and Ms. Duffner are members of the firm's Securities and Capital Markets Group.
Read the full article here. (Subscription may be required.)