In the wake of the SEC's new rule requiring prompt disclosure of cybersecurity incidents, incident response (IR) teams have asked how they should modify IR plans to promote compliance with the new rule. We have summarized the SEC's new rules here and discussed some of the nuances of materiality determinations here. In a separate article, we provide a detailed breakdown of how the new reporting rule affects IR teams and how covered companies can organize IR plans to incorporate timely materiality assessments and disclosures when necessary.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.