On March 9, 2022, the SEC released its newest series of proposed cybersecurity rules, this time for all public companies. Consistent with the proposed rules issued last month for investment advisers and funds, the SEC continues to prioritize cybersecurity disclosures, placing particular emphasis on timely and detailed disclosures of material cybersecurity incidents, as well as on periodic disclosures about cybersecurity risk management and governance.
These proposed rules create significant new disclosure obligations for public companies and represent another step in the SEC’s overarching strategy to create cybersecurity regulations for entities within the SEC’s jurisdiction.