SEC Cyber Rules: How to Prepare for the New 8-K Incident Mandate

The SEC this spring proposed rules for companies to publicly disclose more details about their cybersecurity programs and significant incidents they suffer. This two-part article series explains practical steps that companies can take to meet the challenges of the imminent rules. Part one discusses five key impacts of the 8‑K disclosure provisions, which include a four-day deadline to report an event that is material to a company’s operations. Part two will offer perspective and insights on addressing the new requirements for 10-K annual reporting. See “Takeaways From the SEC’s Enhanced Cybersecurity Disclosure Regime for Public Companies” (Apr. 6, 2022).

To read the full article

Continue reading your article with a CSLR subscription.