On July 26, 2023, the US Securities and Exchange Commission (SEC) adopted final rules regarding cybersecurity disclosure that should be of interest to every public company. The new rules are intended to "enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies." The SEC's final cybersecurity rules consist of current disclosure of material cybersecurity incidents under new Item 1.05 of Form 8-K or on Form 6-K and annual disclosure of a registrant's cybersecurity risk management and strategy and cybersecurity governance in annual reports on Form 10-K or 20-F pursuant to the disclosure requirements of new Item 106 of Regulation S-K. The final rules and highlights from the SEC’s adopting release are summarized with commentary on next steps below. Redlines reflecting the differences between the proposed and final rules applicable to domestic issuers under Item 1.05 of Form 8-K and Item 106 of Regulation S-K appear as Annexes A and B, respectively. Continue reading >