Hot on the heels of the SEC’s proposal last month of new cybersecurity regulations for investment advisers and funds, yesterday the SEC gave notice that it will meet to consider proposing regulatory amendments “regarding cybersecurity risk management, strategy, governance, and incident disclosure.” Although the exact scope of the proposed amendments under consideration by the SEC is not publicly available, the involvement of the SEC’s Division of Corporation Finance makes it likely that public companies will be the subject of any proposal. Similar language about cybersecurity governance and incident disclosure was used recently by the Chair of the SEC to describe regulations that would require public companies to disclose to investors their cybersecurity risk management practices and the occurrence of cybersecurity events, like data breaches.
The open meeting is currently scheduled for March 9, 2022 at 10:00 am Eastern.
James Brennan also contributed to this article.