The U.S. Securities and Exchange Commission proposed rules that will require public disclosure not only of cybersecurity incidents, but also of aspects of public companies’ preparedness for cyber threats. The proposed rules set a short time frame for reporting “material” compromises, and the rules do not provide for delayed disclosure at the request of law enforcement or other investigators.

The comment period for the proposed rules ends on May 9, 2022.

Read More