Additional author Marc X.W. Leong
On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received on the Proposed Rules, resulting in far narrower and streamlined requirements, though still imposing significant new requirements on registrants.