SEC Seeks More Cybersecurity Info From Companies

The U.S. Securities and Exchange Commission (SEC) on Wednesday (March 9) proposed amendments to its rules on cybersecurity risk management, strategy, governance and incident reporting by public companies.

“Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” SEC Chair Gary Gensler said in a news release.

“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”

If adopted, Gensler said, the proposal would bolster investors’ ability to examine public companies’ cybersecurity practices and incident reporting.

According to the SEC, the amendments would require current reporting about material cybersecurity incidents and periodic reporting to provide updates about past incidents.

In addition, companies would have to issue periodic reports about their policies and procedures to identify and manage cybersecurity risks, as well as their board's and management's oversight in dealing with those risks.

The proposal would also require yearly reporting or “certain proxy disclosure about the board of directors’ cybersecurity expertise, if any,” the SEC said.

The commission said these amendments are designed to give investors better information about companies’ risk management, strategy, and governance and to give them timely notification about material cybersecurity incidents.


The SEC’s announcement comes weeks after the commission proposed a multipronged rule to improve transparency by requiring private equity funds to issue statements every quarter that provide information about fees, performance and other details.

The agency has also created a rule that would limit preferential treatment for some investors. This rule also mandates a yearly audit of private funds and blocks funds from engaging in some conflicts of interest.