By John J. Gilluly III, Brent L. Bernell, Louann Fang Richard, Deborah R. Meshulam, Andrew Serwin & Ron Plesco

Cybersecurity risk governance and disclosure has been the subject of a number of recent cyber-focused proposals. As Congress considers imposing broad federal cyber incident notification requirements, the Securities and Exchange Commission (SEC), on March 9, 2022, voted 3-1 to issue proposed new rules that would require publicly traded companies to disclose “cybersecurity incidents” (defined below) in current reports on Form 8-K or Form 6-K for foreign private issuers within four business days of determining that an incident is material and, thereafter, correct prior disclosures when new or additional material information becomes available.

Click here to read the full article.