News & Events

Partners Nicholas Goldin and Karen Hsu Kelley, and Associate Shanice Hinckson authored an article titled, “SEC Proposes Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rules,” which was published by the Harvard Law School Forum on Corporate Governance. The article explores the SEC’s recently proposed rules aimed at enhancing and standardizing disclosures made by public companies regarding cybersecurity risk management, strategy, governance and incident reporting. The article further addresses how, if adopted, the proposal would require mandatory reporting of material cybersecurity incidents and mandatory ongoing disclosures regarding companies’ governance, risk management, and strategy with respect to cybersecurity risks. It finally emphasizes how, given this proposal and the SEC’s continued focus on cybersecurity related disclosures, as well as the continuing guidance in the Interpretive Guidance in 2018, public companies should consider a fresh review of their disclosure controls and their cybersecurity policies and procedures to assess whether any modifications are warranted.

To read the full article, please click here.