Cybersecurity Disclosure and Enforcement Developments, Predictions
Explore all topics or download the PDF. Download the PDF or explore all topics.
The SEC took multiple high-profile enforcement actions in 2024. It also issued additional guidance on compliance with the new cybersecurity rules. These developments show that the SEC is still focused on robust disclosure frameworks in cybersecurity incidents. The SEC’s cybersecurity rules went into effect in late 2023 and 2024 was the first year that companies were required to comply. The rules added Item 1.05. This requires domestic public companies to provide certain information within four days of determining they have experienced a significant cybersecurity incident. This includes the material aspects of nature, scope, and timing of the incident and the material or reasonably likely impact on the company.
