The Securities and Exchange Commission (“SEC”) took a decisive step to enhance transparency around cybersecurity breaches. The new regulation obligates publicly traded companies to disclose any cybersecurity breach within a four-day window, subject to exceptions related to national security or public safety.
It's vital to note that the four-day window starts only after companies have determined a breach is material. This provides companies with some time to assess the situation before disclosing it.
Apart from the immediate reporting of breaches, companies must also annually disclose information concerning their cybersecurity risk management and executive expertise. This aims to promote transparency and protect investors.
Overall, this rule emphasizes that cybersecurity is not an optional aspect of corporate governance but an essential aspect of accountability and investor protection. Only time will tell if this approach proves effective in fostering a more secure and transparent corporate landscape.
In the face of these complex and far-reaching changes professional legal assistance can prove invaluable. The attorneys at Outside Legal Counsel LLP can help ensure companies remain in compliance. Please reach out to us for more information about our services and how we can help you navigate the recent changes to the law.
This is not legal advice and is attorney advertising.
Disclaimer: Nothing on this website is or should be construed as legal advice. An attorney-client relationship does not exist with our firm unless a signed retainer agreement is executed, and we do not offer legal advice through this site or any of the content located on it. For legal advice for your particular circumstances, please contact us directly.