SEC Adopts Rules for Public Companies and Foreign Private Issuers on Cybersecurity Risk Management and Incident Disclosures
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted new rules (the “Rules”) that will require public companies and foreign private issuers to disclose material cybersecurity incidents within four business days of discovering such an incident, and provide information regarding their cybersecurity risk management, strategy, and governance on their annual reports. In February 2022, the SEC proposed separate but similar rules relating to cybersecurity risk management for registered investment advisers and registered investment companies (“Proposed Rules Regarding Investment Advisers and Investment Companies”). The Proposed Rules Regarding Investment Advisers and Investment Companies have not been adopted as of the date of this blog.
Under the newly adopted Rules, certain reporting and disclosure requirements will become effective starting in December 2023. For additional details on the Rules, compliance obligations, and other considerations for public companies and foreign private issuers, please see an alert from our Corporate team. For more information about the Proposed Rules Regarding Investment Advisers and Investment Companies, please see our previous blog post.
If you have any questions about the Rules, the Proposed Rules Regarding Investment Advisers and Investment Companies, or the regulation of reporting companies generally, please feel free to contact us.
***
By the Investment Management and Broker-Dealer Team at Kilpatrick Townsend & Stockton
This content is provided by Kilpatrick Townsend & Stockton LLP for informational purposes only and is not intended to advertise our firm’s services, to solicit clients, or to provide legal advice. Viewers should not rely on the posted materials as advice about specific legal problems. Such advice can be rendered only by competent counsel familiar with the particular facts and circumstances involved. Posting and viewing of the materials on our website or in printed form is not intended to constitute the rendering of legal advice or to create an attorney-client relationship with the viewer. If Kilpatrick Townsend & Stockton LLP does not already represent you, and you send us an e-mail, your e-mail will not create an attorney-client relationship and will not be treated as privileged or confidential.
Attorney Advertising – Kilpatrick Townsend & Stockton LLP, 1100 Peachtree Street NE, Suite 2800, Atlanta, GA 30309 | 404-815-6500.
For more information, please refer to our Terms of Use and Privacy Policy.
Disclaimer
While we are pleased to have you contact us by telephone, surface mail, electronic mail, or by facsimile transmission, contacting Kilpatrick Townsend & Stockton LLP or any of its attorneys does not create an attorney-client relationship. The formation of an attorney-client relationship requires consideration of multiple factors, including possible conflicts of interest. An attorney-client relationship is formed only when both you and the Firm have agreed to proceed with a defined engagement.
DO NOT CONVEY TO US ANY INFORMATION YOU REGARD AS CONFIDENTIAL UNTIL A FORMAL CLIENT-ATTORNEY RELATIONSHIP HAS BEEN ESTABLISHED.
If you do convey information, you recognize that we may review and disclose the information, and you agree that even if you regard the information as highly confidential and even if it is transmitted in a good faith effort to retain us, such a review does not preclude us from representing another client directly adverse to you, even in a matter where that information could be used against you.