Stock Groups

SEC votes to propose new cybersecurity rules

[ad_1]

Traders at the NYSE floor, March 2, 2022.

Source: NYSE

On Wednesday, the Securities and Exchange Commission will vote to approve new cybersecurity regulations for public companies.  

The proposal consists of two parts:

  1. Reporting cybersecurity incidents is mandatoryMaterial incidents must be reported within 4 business days. The SEC is trying to make companies disclose cybersecurity incidents, but the agency describes the reporting as inconsistent. 
  2. Disclosures are required on policies of companies to address cybersecurity risksUpdates must be provided by companies on cybersecurity incidents that have been reported previously. 

Proposed amendments will then be made available for public comments. The period will last either 30 or 60 calendar days, depending on when they are published in Federal Register.

The SEC is pushing for greater cybersecurity disclosure. On Feb. 9, the SEC issued proposed rules related to cybersecurity policies for investment advisors and registered funds, which are still out for public comment.

Public companies are now being looked at by regulators.

Gary Gensler, SEC Chair, stated that many issuers provide cybersecurity disclosures to investors. I believe that investors and companies would both benefit from this consistent and comparable information.

SEC spokeswoman said that while these ideas had been considered for some time but had gained “special relevance” due to the Ukraine crisis.

Cybersecurity is only one part. ambitious regulatory agendaGensler has laid it out. The SEC is currently considering over 50 proposals, making it one of the most extensive regulatory agendas for decades.

[ad_2]