The Securities and Exchange Commission proposed amendments to its rules on March 9, 2022, to enhance and standardize public companies’ disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting.
The proposed amendments would require current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents.