March 14, 2022

SEC Proposes New Rules on Public Company Cybersecurity Disclosures


On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However, the SEC’s Division of Corporation Finance published disclosure guidance in 2011, which was followed by SEC interpretive guidance issued in 2018, explaining when registrants may be required to disclose information in SEC filings relating to cybersecurity risks and incidents under the principles-based disclosure framework, while considering the materiality of such risks and incidents.

Additional Authors: Kimberly Ayudant and Marc X.W. Leong.

Resource Downloads

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.