WASHINGTON — Wall Street’s watchdog is set to unveil a rule on Wednesday that aims to enhance how public companies disclose when they experience a breach, and how soon.
Under the proposed Securities and Exchange Commission (SEC) measures, a company would have to spell out when it experiences a risk and what strategies it has employed to address and manage such risks in current report filings, including Form 8-K.
The rule changes, which are subject to public consultation, would also require an analysis of how the cyber risks are likely to affect the firm’s financials. This would allow investors to assess these risks more effectively, and to locate them more readily, the SEC said.
The changes come a time of growing regulatory concern about how cyber security issues could affect markets and investors. Regulators have warned, for example, of cyber attacks from Russia in retaliation for western sanctions.
President Joe Biden’s administration has also ratcheted up its focus on the issue after a recent series of high-profile cyber attacks on U.S.-based companies.
When companies have an obligation to disclose material information to investors, they must be complete and accurate, SEC chair Gary Gensler said in a statement.
“Their disclosures also should be timely,” he added.
Wednesday’s measure would also require updates in periodic reports to give investors more complete information on previously disclosed, material cybersecurity incidents, the agency said.
The proposals would build on existing SEC cyber risk guidance, which is set to remain in effect, even under the SEC’s new rules, an agency official told reporters.
“How a company might think about the impact (of a breach) to management’s discussion and analysis of financial conditions … should still be taken into consideration,” the official added. (Reporting by Katanga Johnson in Washington Editing by Michelle Price and Chizu Nomiyama)
Financial Post Top Stories
Sign up to receive the daily top stories from the Financial Post, a division of Postmedia Network Inc.
By clicking on the sign up button you consent to receive the above newsletter from Postmedia Network Inc. You may unsubscribe any time by clicking on the unsubscribe link at the bottom of our emails. Postmedia Network Inc. | 365 Bloor Street East, Toronto, Ontario, M4W 3L4 | 416-383-2300