US Securities and Exchange Commission proposes amendments to its rules on disclosures for cybersecurity risk management, strategy, governance and incident reporting by public companies; proposal aims to better inform investors in a timely manner

Sample article from our Government & Public Policy

March 15, 2022 (press release) –

The Securities and Exchange Commission today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

"Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs," said SEC Chair Gary Gensler. "Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner. I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies' cybersecurity practices and incident reporting."

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors' oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

The proposed amendments are intended to better inform investors about a registrant's risk management, strategy, and governance and to provide timely notification to investors of material cybersecurity incidents.

The proposing release will be published on SEC.gov and in the Federal Register. The comment period will remain open for 60 days following publication of the proposing release on the SEC's website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.

* All content is copyrighted by Industry Intelligence, or the original respective author or source. You may not recirculate, redistrubte or publish the analysis and presentation included in the service without Industry Intelligence's prior written consent. Please review our terms of use.

See our dashboard in action - schedule an demo
Dan Rivard
Dan Rivard
- VP Market Development -

We offer built-to-order government & public policy coverage for our clients. Contact us for a free consultation.

About Us

We deliver market news & information relevant to your business.

We monitor all your market drivers.

We aggregate, curate, filter and map your specific needs.

We deliver the right information to the right person at the right time.

Our Contacts

1990 S Bundy Dr. Suite #380,
Los Angeles, CA 90025

+1 (310) 553 0008

About Cookies On This Site

We collect data, including through use of cookies and similar technology ("cookies") that enchance the online experience. By clicking "I agree", you agree to our cookies, agree to bound by our Terms of Use, and acknowledge our Privacy Policy. For more information on our data practices and how to exercise your privacy rights, please see our Privacy Policy.