"SEC Adopts New Cybersecurity Incident Disclosure Rules for Companies"

The Securities and Exchange Commission (SEC) has adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to annually disclose material information regarding their cybersecurity risk management, strategy, and governance. In addition, the Commission adopted rules requiring foreign private issuers to disclose similar information. The new rules will require registrants to disclose on the new Item 1.05 of Form 8-K any cybersecurity incident they deem material, along with a description of the nature, scope, and timing of the incident, as well as its material impact or reasonably likely material impact on the registrant. A registrant is generally required to submit an Item 1.05 Form 8-K within four business days after determining that a cybersecurity incident is material. This article continues to discuss the new cybersecurity incident disclosure rules adopted by SEC for companies. 

Help Net Security reports "SEC Adopts New Cybersecurity Incident Disclosure Rules for Companies"