SEC Director Offers Clarification on New Cyber Disclosure Regime

On the cusp of key December 2023 compliance dates, Erik Gerding, Director of the SEC Division of Corporation Finance, issued a statement discussing the SEC’s new Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure rules for public companies. Gerding highlighted “various changes the Commission made from the initial rule proposal; discusse[d] the rationale behind certain aspects of the rules; and attempt[ed] to clear up potential misconceptions, particularly regarding the materiality standard for incident disclosures and the national security/public safety delay provision,” Ropes & Gray partner Amy Jane Longo told the Cybersecurity Law Report. This article parses Gerding’s statement, with practical commentary and compliance best practices from Longo. See “Navigating the SEC’s Newly Adopted Cybersecurity Disclosure and Controls Regime” (Sep. 6, 2023).

To read the full article

Continue reading your article with a CSLR subscription.