By Robert Loesch, Glenn Morrical, and Kristen Baracy

On July 26, 2023, the Securities and Exchange Commission (“SEC”), by a 3-2 vote, approved new disclosure rules designed to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting…

In the wake of recent notable data breaches, the United States Securities and Exchange Commission issued an interpretive release designed to improve the timeliness and accuracy of public companies’ disclosures of cybersecurity risks and incidents and prevent insider trading.  The SEC’s guidance release and this post raise several issues and concerns that all companies, regardless of size and ownership, need to take seriously to improve their cybersecurity planning and legal compliance.