The new SEC cybersecurity rules are a set of regulations for public companies around cybersecurity risk management, strategy, governance, and material incident disclosure. these new rules are finalized by a 3-2 vote on July 26, 2023. The SEC now requires companies to report on their cybersecurity and risk management practices. Companies are mandated to disclose any cybersecurity incidents with potential material impact within 96 hours.
The requirements include establishing cybersecurity risk management policies, conducting periodic risk assessments, ensuring the presence of adequate incident response plans, and disclosing material cybersecurity events to investors. These regulations aim to increase accountability and transparency among public companies. These new rules affect over 7,000 publicly traded entities. You must now prepare to comply with the SEC’s cybersecurity rules.