On July 26, 2023, the US Securities and Exchange Commission (SEC) adopted sweeping changes to cybersecurity disclosure requirements for publicly traded companies. Companies must begin complying as soon as December 2023.
These rules set a new standard for communicating about cybersecurity to investors and the public, and all companies should be not only aware of the changes but actively preparing to meet the requirements.
There are three key elements in the new rules that corporate leaders should know: