On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals of the proposal are to protect investors and optimize their decision-making abilities, raise cross-industry understanding of cyber threats and related incidents and promote timely reporting of cyber incidents. Below, we provide a preliminary overview of the proposed rules and amendments.

Continue reading.