The SEC has been on a rulemaking tear in 2022. A month before it announced rules applicable to all companies with publicly traded securities, the SEC proposed sweeping new cybersecurity rules for investment advisers and registered investment funds that would require them to adopt and implement comprehensive cybersecurity policies and procedures, report certain significant cybersecurity incidents to the SEC within 48 hours of discovery and provide enhanced disclosure about cybersecurity risks and incidents. This article details the proposed rules as they apply to registered investment advisers, with commentary from Avi Gesser, a partner at Debevoise & Plimpton, and Clifford E. Kirsch, a partner at Eversheds Sutherland. See “Takeaways From the SEC’s Enhanced Cybersecurity Disclosure Regime for Public Companies
” (Apr. 6, 2022).