By Tom Zanki (March 18, 2022, 6:45 PM EDT) — The U.S. Securities and Exchange Commission’s proposal requiring that companies bolster their cybersecurity disclosures would allow businesses less discretion in how they inform investors of risks, which some attorneys say could create unintended consequences.
The SEC proposal seeks to upgrade a patchwork approach to cybersecurity disclosures, currently shaped by guidance rather than rules, into a more uniform design that would enable investors to better compare companies across industries.
The rules proposed March 9 would require companies to disclose breaches within four days upon determining that an incident was material; update prior disclosures as needed; periodically describe their risk management strategies; and…
Read more