Policy Backgrounders
The Conference Board uses cookies to improve our website, enhance your experience, and deliver relevant messages and offers about our products. Detailed information on the use of cookies on this site is provided in our cookie policy. For more information on how The Conference Board collects and uses personal data, please visit our privacy policy. By continuing to use this Site or by clicking "OK", you consent to the use of cookies. 

AI: The Next Transformation

Policy Backgrounders

CED’s Policy Backgrounders provide timely insights on prominent business and economic policy issues facing the nation.

SEC Cyber Reporting Final Rule

August 11, 2023

The SEC adopted its final rule on cyber incident disclosures for publicly traded companies. It will take effect in mid-December, adding to the federal push to bolster cybersecurity for US businesses and critical infrastructure.

  • The rule will require reporting within four business days of discovery of a breach deemed to be material, while also adding annual requirements pertaining to information about the processes followed by corporate boards and executives to assess and manage cyber risks.
  • Following public comments, the SEC modified the original proposal to allow for reasonable delays in certain cases and to remove the requirement that companies report the cyber expertise of their boards of directors.
  • The SEC did not modify the four-day reporting window after comments raised concern over conflicting periods with the forthcoming 72-hour CISA requirements applying to critical infrastructure firms. However, the administration and regulators have shown interest in addressing regulatory harmonization as new requirements are developed.

Authors

Publications


Webcasts, Podcasts and Videos


Upcoming Events


Press Releases / In the News

hubCircleImage