Understanding the New Rules
On July 26, 2023, the Securities and Exchange Commission adopted new requirements to enhance and standardize disclosures related to cybersecurity risk management, strategy, governance, and incident response for public companies subject to the Securities Exchange Act of 1934. These new reporting regulations require that companies provide annual disclosures of cybersecurity risk management, strategy, and process governance via the 10-K. In addition to reporting annually on a firm’s cybersecurity strategy and the role of management and the Board in executing and governing that strategy, companies must also disclose any material incidents via an 8-K.