On July 26, 2023, the SEC adopted amendments to its rules on cybersecurity risk management, strategy, governance and incident reporting by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. The SEC’s view is that cybersecurity threats and incidents pose an ongoing risk to public companies, investors and market participants, as evidenced by the growing number and greater frequency of occurrences of attacks being launched by cyber criminals who are using increasingly sophisticated methods. 

In this Flash Report, we summarize the SEC’s adopted amendments to its rules on cybersecurity disclosures and provide guidance to public companies that will need to comply with these rules as soon as December 2023.