On March 9, 2022, the SEC proposed new disclosure requirements for public companies relating to cybersecurity risk management, strategy, governance, and incident reporting.
While acknowledging that “[a] lot of issuers already provide cybersecurity disclosures to investors,” SEC Chair Gary Gensler stated that “companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.” In other words, consistent with other proposals adopted during Chair Gensler’s tenure, these proposals are rules-based rather than principles-based.
Specifically, the new rules would require:
- Timely current reporting of material cybersecurity incidents on Form 8-K;
- Updated disclosure of previously disclosed incidents, and disclosure when previously undisclosed immaterial incidents become material in the aggregate;
- Disclosure of corporate policies and procedures to identify and manage cybersecurity risks;
- Disclosure of management’s role in implementing cybersecurity policies and procedures; and
- Reporting of board cybersecurity expertise, if any, and oversight of cybersecurity risk.
The last item raises particular concerns, as it may lead to selecting directors based on a particular skill set rather than directors with broad experience and skills, as well as the requisite degree of collegiality and other abilities needed for a strong board.
The proposals are subject to public comment for 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.
Please direct any questions or observations to Gunster securities law and corporate governance practice leader Bob Lamm.
This publication is for general information only. It is not legal advice, and legal counsel should be contacted before any action is taken that might be influenced by this publication.