The SEC Finalizes Cybersecurity Rules: Public Companies Carefully Prepare and Adapt

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted new rules—colloquially called the SEC Cybersecurity Rules—for public companies subject to the Securities Exchange Act of 1934 reporting requirements. Since its draft release in March 2022, the community has expressed significant concerns and ample feedback from public filing companies and cybersecurity firms. 

This article discusses the main takeaways for corporate board members and cybersecurity leaders, including: 

• Key themes from the SEC Cybersecurity Rules and the takeaways and undertones that are often missed. 
• The SEC’s motivations and history related to cybersecurity regulations and guidance. 
• Frequently asked questions leading boards are asking of their cyber and compliance teams. 

*The file is an Adobe Acrobat PDF. If you experience difficulty opening the downloadable file, you may need to download the free Acrobat Reader.