Skip to main content
icon-search-14x14

SEC Releases New Proposal for Public Company Disclosures of Cybersecurity Incidents, Risk Management, and Governance Policies and Procedures

Client memorandum | March 14, 2022

In a proposal issued last week titled “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” (the “Proposal”), the SEC teed up a new cybersecurity disclosure and reporting rule, following February’s proposal for SEC-registered funds and investment companies to manage and disclose cybersecurity risks and report incidents.  If approved, the Proposal would require (i) current reporting of cybersecurity incidents within four business days after a company has determined that an incident is material, with periodic updates about such previously reported incidents (with no delayed disclosure exceptions based on ongoing law enforcement investigations); and (ii) periodic disclosures regarding cybersecurity risk management, board and management oversight, and director cybersecurity expertise.  In this memorandum, we summarize the Proposal and set forth some recommendations for registrants to consider.
 

Additional information

icon View File

This communication is for general information only. It is not intended, nor should it be relied upon, as legal advice. In some jurisdictions, this may be considered attorney advertising. Please refer to the firm’s data policy page for further information.

Email Disclaimer

I have read and understood the terms of use of this web site which appear below, and specifically agree to those terms, on behalf of myself and anyone else on whose behalf I am contacting anyone at Fried Frank using this site or in any way connected with this site:

The information and materials offered on this site are for general informational purposes only, do not constitute and should not be considered to be legal advice, and are presented without any representation or warranty whatsoever, including as to the accuracy or completeness of the information. No one should, or is entitled to, rely in any manner on any of the information at this site. Parties seeking advice should consult with legal counsel familiar with their particular circumstances.

Prior results do not guarantee a similar outcome.

No attorney-client relationship is created by our transmission of information from this site or by any communication by others to us (or to any of our attorneys, staff, employees, agents or representatives) through or in any way connected with this site. Users communicating with us (or to any of our attorneys, staff, employees, agents or representatives) are cautioned that we do not undertake to hold such communications or their contents in confidence and, accordingly, that they should be careful not to communicate confidential information to us. Users are further cautioned that we may represent a party directly adverse to them either now or at a later date, and that we remain free to do so notwithstanding any information which is communicated to us by the user or any other person or any solicitation of our services by the user or any other person. An attorney-client relationship between Fried Frank and users of this site or anyone else is created only by a written engagement letter signed by a partner of Fried Frank, and no course of communication shall constitute an undertaking to receive confidential information in connection with a discussion of possible future representation unless such undertaking is contained in a written letter agreement signed by a partner of Fried Frank specifying the conditions of such receipt and countersigned by a person with authority to bind the prospective client.

Links to information on sites other than those operated by, or on behalf of, Fried Frank are for your convenience only and are not an endorsement or recommendation of those sites. Fried Frank does not take any responsibility for information at these sites, nor makes any representation or warranty with respect to these sites or their information.

By clicking "Accept", I specifically agree to these terms, on behalf of myself and anyone else on whose behalf I am contacting anyone at Fried Frank.