The SEC’s Cybersecurity Disclosure Rule: Compliance Tips and Seeking Disclosure Delays

In July 2023, the SEC adopted an entirely new disclosure regime, requiring covered entities to disclose a wide range of corporate cybersecurity governance measures as well as to rapidly disclose material cyber incidents. Public companies are scrambling to address key questions such as:

• What “material events” does the SEC cyber disclosure say must be disclosed?
• How does the SEC expect companies to assess materiality under the new rules, and what does enforcement precedent tell us?
• How should incident response processes, as well as other applicable policies, procedures and controls, be revised?
• What will enforcement look like?
• How can companies best position themselves to utilize the available national security/public safety delay option?
• What can companies do proactively to validate their cybersecurity programs and disclosure mechanisms?

Members of the Pillsbury SEC Cybersecurity team will review and offer thoughts on the above key questions. They will provide practical advice on how to comply with the SEC’s many new requirements and place companies in the best position possible to avoid lengthy disputes with SEC officials. 

For more information and to register, please visit the Practising Law Institute event page.