The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023.[1] Aimed at improving cybersecurity risk management at public companies, the rules intended to protect investors by enforcing operational and strategic transparency. Public companies must now disclose major cybersecurity incidents and provide annual updates on how they approach cybersecurity resilience and governance.
The post The SEC’s cybersecurity and disclosure rules: The questions compliance pros still have appeared first on Thrive.