On March 9, 2022, the Securities and Exchange Commission (“Commission”) issued its much-anticipated proposed rule amendments which would mandate certain cybersecurity disclosures for public companies (“Proposed Rules”). If adopted, the Proposed Rules could have a meaningful impact on the current and periodic reporting process, and complicate incident response, by requiring companies to disclose (i) any material cybersecurity incidents on Form 8-K within four (4) days after determining such a breach is material, (ii) its governance, risk management, and strategy with respect to cybersecurity policies and risks, and (iii) the board of director’s cybersecurity expertise. The Proposed Rules also would apply to annual filings of foreign private issues, in order to maintain consistency with domestic registrants.
The Commission noted in its announcement…
