As we previously discussed in greater detail, earlier this year the U.S. Securities and Exchange Commission adopted cybersecurity disclosure rules that require a U.S. public company to disclose (1) on Form 8-K (Item 1.05) the occurrence of a material cybersecurity incident within four business days after determining that such incident is material and (2) in the Annual Report on Form 10-K (Item 1C), the company’s risk management, strategy and governance of cybersecurity. Foreign private issuers (FPIs) are subject to similar requirements.

View this Governance & Securities Alert.