SEC proposes new rules for public company cybersecurity risk management, strategy, governance & incident disclosures

ARTICLES / APRIL 18, 2022

SEC proposes new rules for public company cybersecurity risk management, strategy, governance & incident disclosures

New rules proposed by the Securities and Exchange Commission will require public companies to disclose material cybersecurity incidents shortly after they occur and describe how they are managing cyber risk, including at the board level. These rules are indented to provide investors with greater clarity on companies’ preparedness levels, but could increase liability for organizations and their directors and officers. To prepare for these new rules, public companies should work with compliance, legal and leadership teams to review cyber risk and security policies and practices while also considering the new rules’ insurance implications.

Click to download Download alert (opens a new window)

by Paul Lynch

VP, Executive Risk Insurance and Claims Counsel

Paul.Lynch@lockton.com (opens a new window)

Alert

Follow Lockton on Facebook
Follow Lockton on Twitter
Follow Lockton on LinkedIn
Follow Lockton on Email