Proposed Securities and Exchange Commission (SEC) Cybersecurity Rules, Caremark and the Ongoing Risks to (and From) Public Companies
Earlier this spring, the SEC proposed amendments to its rules to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting.” The proposed rules require public companies to provide current reporting about “material” cybersecurity incidents, periodic reporting to provide updates on previous incidents, and information on the company’s policies and procedures to identify and manage cyber-risks. The proposed rules would also require periodic reporting on the board of directors’ oversight of cyber-risk, and management’s role and expertise in assessing and managing cyber-risk.
This Alert was co-authored by J.D. Bridges, Senior Technology Counsel at Theta Lake Inc. and Daniel G. Berick, Partner, Squire Patton Boggs.