This July, the SEC voted to adopt final rules on cybersecurity disclosure. As of December 15, companies need to disclose their cyber-risk management, strategy and governance procedures – and then disclose any material cyber incidents by December 18 – under those rules. (Smaller reporting companies have a 180-day deferral.)
Rules recap
In
Free Trial
Register for free to keep reading.
To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.
- Unlimited access to industry insights
- Stay on top of key rules and regulatory changes with our Rules Navigator
- Ad-free experience with no distractions
- Regular podcasts from trusted external experts
- Fresh compliance and regulatory content every day