The U.S. Securities and Exchange Commission (SEC) enacted new cybersecurity disclosure requirements, that reshaped the regulatory framework for how public corporations manage cyber risk and report material cybersecurity incidents. These new requirements are in response to institutional exposure caused by sophisticated cyberattacks and increase in third-party and supply chain vulnerabilities, theft of intellectual property and social engineering.
The traditional regulatory landscape for cybersecurity disclosure failed to provide consistent and timely information to reasonable investors. The new guidelines imposed by the SEC allow reasonable investors to make informed investment decisions by having ample time to review and evaluate a company’s strategy in managing cyber risk and incidents.
Continue reading here.