Listen to this post

The U.S. Securities and Exchange Commission’s (SEC) 2023 Spring Unified Agenda of Regulatory and Deregulatory Actions was released last month and includes an anticipated action date for finalizing rules for cybersecurity disclosure by public companies by October 2023. Our recent Client Alert, published by our Privacy and Cybersecurity practice, provides an overview of the proposed rules, as well as useful guidance on what public companies should be doing to prepare now. The Client Alert discusses the following actions that can help public companies prepare for the SEC’s potential cybersecurity disclosure rules: (1) review incident response plans; (2) assess disclosure controls and procedures; (3) review risk assessment programs; (4) review third party management practices; (5) assign ownership over cybersecurity; and (6) brief the board on cybersecurity risks and incidents.