This July, the SEC voted to adopt final rules on cybersecurity disclosure. As of December 15, companies need to disclose their cyber-risk management, strategy and governance procedures – and then disclose any material cyber incidents by December 18 – under those rules. (Smaller reporting companies have a 180-day deferral.)
Rules recap
In