Posted on:
Featured, Insights, Latest Thinking

In response to a significant rise in cybersecurity incidents at public companies and the SEC’s view that there is inconsistent disclosure relating to such incidents, this week, the SEC adopted cybersecurity disclosure rules, with a few notable changes from the proposing release. The final rules will require a U.S. public company to disclose (1) on Form 8-K the occurrence of a material cybersecurity incident within four business days after determining that such incident is material and (2) in the Annual Report on Form 10-K, the company’s risk management, strategy and governance of cybersecurity. Foreign private issuers are subject to similar requirements. In this Alert, we discuss these important new rules in greater detail and provide recommendations on what to do now.

View this Governance & Securities Alert. 

P.J. Himelfarb
Partner
+1 202 682 7208
Bio on Weil.com
Lyuba Goltser
Co-Head of Public Company Advisory Group
+1 212 310 8048
Bio on Weil.com
Howard Dicker
Co-Head of Public Company Advisory Group
+1 212 310 8858
Bio on Weil.com
Steven Bentsianov
Counsel
+1 212 310 8928
Bio on Weil.com
Shira Barron
Associate
+1 212 310 8336
Bio on Weil.com

More from the Governance & Securities Watch

Copyright © 2024 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Boston, Brussels, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Shanghai, Silicon Valley and Washington, D.C.