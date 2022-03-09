SEC proposes rule changes on reporting hacks, managing cybersecurity risk
Mar. 09, 2022 2:02 PM ETBy: Liz Kiesche, SA News Editor1 Comment
- The Securities and Exchange Commission proposed on Wednesday changes to rules that would standardize and strengthen disclosures about cybersecurity risk by publicly traded companies.
- Among the proposed changes, publicly traded companies would have to disclose a material cybersecurity incident within four business days of its discovery, according to the SEC fact sheet. It would also require companies to provide updates on previously reported incidents and periodic reporting about their policies and procedures to identify and manage cyber risks, their boards' oversight role, and management's role and expertise on the subject.
- "A lot of issuers already provide cybersecurity disclosure to investors," said SEC Chair Gary Gensler in a statement. "I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner."
- The SEC last updated guidance on cybersecurity risks and breaches in 2018.