SEC Publishes More New C&DI On Cybersecurity Rules

On June 24, 2024 the SEC published five (5) new compliance and disclosure interpretations (C&DI) on cybersecurity incident disclosures supplementing the C&DI published in December 2023 (see HERE).

Cybersecurity

In July, 2023 the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules).

The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company.  An Item 1.05 Form 8-K is due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial risk to national security or