SEC Adopts New Cybersecurity Reporting Rules, Setting Up Various Compliance Challenges

October 17, 2023

The Securities and Exchange Commission has adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and disclose information about their cybersecurity risk management, strategy, and governance annually, to enhance and standardize disclosure on cybersecurity incidents and internal controls in response to the increasing cybersecurity risks faced by companies and affecting investors.

Philip N. Yannella, April Hamlin, and Kelly M. Duffner wrote this Ballard Spahr alert on the topic, which was republished by PLI.  Mr. Yannella co-leads Ballard Spahr's Privacy and Data Security Group, and Ms. Hamlin and Ms. Duffner are members of the firm's Securities and Capital Markets Group.

Read the full article here. (Subscription may be required.)

Subscribe to Ballard Spahr Mailing Lists

Get the latest significant legal alerts, news, webinars, and insights that affect your industry.