The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity. In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents. The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser-focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024.

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.

Last month, the U.S. Securities and Exchange Commission issued a proposal to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance. Among other changes, the SEC’s proposal would require disclosure about material cybersecurity incidents within four business days and require annual disclosure regarding a registrant’s policies and