In March 2022, the Securities and Exchange Commission proposed new rules, amendments, and form amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents by public companies subject to the Securities Exchange Act of 1934. The proposed new rules have now been finalized.

The new requirements include:

  • Form 8-K Item 1.05: Disclosure of any material cybersecurity incident, including the material impact of the incident. If an incident is determined to be material, registrants must file an item 1.05 Form 8-K generally within four business days of such determination. However, disclosure may be delayed if the US Attorney General determines that immediate disclosure would pose a risk.
  • S-K Item 106: A description of registrant processes for assessing, identifying, and managing material risks from cybersecurity threats and whether any cybersecurity risks have materially affected or are likely to materially affect the registrant.
  • Form 6K: An amendment requiring foreign private issuers to furnish information on material cybersecurity incidents that they make, or are required to make, public or disclose in a foreign jurisdiction to any stock exchange or security holders.

The final rules will be effective 30 days following publication of the adopting release in the Federal Register.

Please contact us with any questions:

Richard Borden

(212) 705 4884

Daniel Goldberg

(310) 579 9616

Maria Nava

(310) 579 9628