SEC Adopts Cybersecurity Disclosure Rules
By Alan J. Wilson, WilmerHale
On July 26, 2023, in a 3–2 vote, the Securities and Exchange Commission (the “SEC”) adopted new rules for public companies that will require disclosures regarding cybersecurity incidents, as well as cybersecurity risk management, strategy, and governance. The new rules and amendments include current and periodic reporting requirements, with disclosures required in Forms 8-K, 6-K, 10-K ,and 20-F, and associated inline XBRL tagging requirements. The new requirements apply broadly to all public companies, including foreign private issuers, emerging growth companies, and smaller reporting companies. In general, companies other than smaller reporting companies will first be required to comply with the new current reporting requirements in Forms 8-K and 6-K before year-end. The annual reporting requirements in Forms 10-K and 20-F apply to all companies starting with their Forms 10-K and 20-F filed in early 2024.
For an expanded discussion of these new rules, see the WilmerHale post linked here.