To the Point - SEC adopts disclosure requirements for cybersecurity incidents and risk management and governance


The SEC adopted rules to enhance and standardize disclosures by requiring registrants to timely report on cybersecurity incidents on Forms 8-K and 6-K and make disclosures about their cybersecurity risk management, strategy and governance in annual reports on Form 10-K and Form 20-F. Calendar-year registrants must provide the risk management, strategy and governance disclosures in their 2023 annual reports. Most registrants must comply with the incident disclosure requirements on the later of 90 days after publication in the Federal Register or 18 December 2023.

Download PDF