U.S. Securities and Exchange Commission Finalizes Cybersecurity Disclosure Rules
The U.S. Securities and Exchange Commission adopted final rules requiring that public companies disclose material cybersecurity incidents. The rules also require periodic disclosure of a public company’s cybersecurity risk management, strategy, and governance in annual reports.
According to the rules, new forms will require public companies to disclose any cybersecurity incident they determine to be material. The forms also seek ...