In March 2022, the Securities and Exchange Commission proposed new rules, amendments, and form amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents by public companies subject to the Securities Exchange Act of 1934. The proposed new rules have now been finalized.
The new requirements include:
- Form 8-K Item 1.05: Disclosure of any material cybersecurity incident, including the material impact of the incident. If an incident is determined to be material, registrants must file an item 1.05 Form 8-K generally within four business days of such determination. However, disclosure may be delayed if the US Attorney General determines that immediate disclosure would pose a risk.
- S-K Item 106: A description of registrant processes for assessing, identifying, and managing material risks from cybersecurity threats and whether any cybersecurity risks have materially affected or are likely to materially affect the registrant.
- Form 6K: An amendment requiring foreign private issuers to furnish information on material cybersecurity incidents that they make, or are required to make, public or disclose in a foreign jurisdiction to any stock exchange or security holders.
The final rules will be effective 30 days following publication of the adopting release in the Federal Register.
This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.
