SEC Requires Companies, Including Crypto Firms, to Report Cybersecurity Incidents
Starting this year, companies, including those in the crypto industry, will be required by the Securities and Exchange Commission (SEC) to report their cybersecurity incidents and strategies. The new rule aims to enhance trust between investors and public companies by ensuring transparency in cybersecurity risk management.
Main Breakdowns:
- Annual reports on cybersecurity risk management, strategy, and governance
- Disclosure of material cybersecurity incidents within four business days
- Details on the impact of cyberattacks on business
- Requirement for board oversight and management expertise in assessing and managing risks
- Effective date for disclosures and potential postponement
Companies will need to disclose any material cybersecurity incidents within four business days and provide a detailed report on the incident’s impact. The SEC’s Chair, Gary Gensler, emphasized that incidents like losing a factory to fire or experiencing a cybersecurity breach can have a financial impact and are therefore material to investors.
The new requirement extends to public companies and foreign private issuers, who must describe their board’s oversight of cybersecurity risks and management’s expertise in handling such threats. The effective date for these disclosures will be between 30 to 180 days after the publication of the new financial release in the Federal Register.
Smaller companies will have the full 180 days to comply with the new rule. However, companies can request a postponement of disclosures if immediate reporting poses a substantial risk to national security or public safety, as determined by the U.S. Attorney General.
Hot Take:
With the SEC’s new requirement, investors in the crypto space can expect greater transparency and accountability from companies. This move acknowledges the potential financial impact of cybersecurity incidents and aims to protect investors’ interests. By mandating timely disclosures and board oversight, the SEC is taking important steps towards strengthening cybersecurity practices in the industry.
By
By
By
By
By