Traders on the floor of the NYSE, March 2, 2022.
The Securities and Exchange Commission is voting on Wednesday to propose new cybersecurity rules for public companies.
There are two components to the proposal:
- Mandatory cybersecurity incident reporting: “Material” incidents would have to be reported on an 8-K form within four business days of the incident. While the SEC has sought to get companies to disclose cybersecurity incidents since 2011, the agency has described the reporting of incidents as “inconsistent.”
- Required disclosures on company policies to manage cybersecurity risks: Companies must also provide updates on previously reported material cybersecurity…