The US Securities and Exchange Commission (SEC) today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Public companies may be required to report cybersecurity incidents within 4 days. These disclosures would be made to the investors as cybersecurity is an ‘emerging risk. Such reporting would entail disclosing material cybersecurity incidents and ‘periodic’ reporting to provide updates about previously reported cybersecurity incidents. Read more on SEC website here.
