The Securities and Exchange Commission (SEC) has affirmed its plan to prioritize the adoption of proposed cybersecurity rules for public companies, registered investment advisers, and funds by October 2023, according to the updated Spring 2023 rulemaking agenda. The proposed rules, initially released in early 2022, focus on strengthening cybersecurity governance and ensuring timely disclosure of cyber incidents.
For publicly traded companies, the rules would mandate standardized disclosures around cybersecurity risk management, strategy, and governance. These organizations would also need to report substantial cybersecurity incidents within four business days of their determination and provide regular updates on their policies, procedures, and previous incidents.
Registered investment advisers and investment companies are expected to implement comprehensive cybersecurity policies to mitigate risk. They would also be required to report significant cybersecurity incidents affecting them or the funds they manage to the SEC.
Despite some controversy and criticism regarding the promptness of incident reporting and prescriptive disclosures, the SEC has already adopted numerous rules in their proposed form. It remains uncertain how these final rules will shape up and when firms will need to adjust their disclosures. The SEC has also proposed a cybersecurity rule for broker-dealers and other market participants, with final action expected by April 2024.
Source: Gibson Dunn
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.