SEC Implements New Regulations to Enhance Cybersecurity Disclosures for Crypto and Listed Companies

The United States Securities and Exchange Commission (SEC) has taken a significant step towards strengthening cybersecurity measures for listed companies, including those operating in the cryptocurrency space. The new regulations, announced by SEC Chair Gary Gensler, require companies to disclose major cybersecurity incidents they experience and to issue annual reports on their cybersecurity risks. The rules will also apply to foreign companies, ensuring a consistent and transparent approach to cybersecurity disclosures across all markets.

According to Chair Gensler, the disclosure of cybersecurity incidents is as vital as reporting other significant events that could impact a company’s operations and finances. He emphasized that the consistency, comparability, and decision-usefulness of these disclosures will benefit investors, companies, and the overall market.

Under the new rules, registrants will be required to disclose any cybersecurity incident they determine to be material on a newly introduced “Item 1.05 of Form 8-K.” The disclosure must include details about the nature, scope, and timing of the incident, as well as its material impact or potential impact on the company. Companies will have four business days to submit this disclosure after determining the materiality of the incident. However, disclosure can be delayed if immediate disclosure would pose a substantial risk to national security or public safety and the United States Attorney General notifies the Commission in writing.

Additionally, a new “Regulation S-K Item 106” will require registrants to describe their processes for assessing, identifying, and managing material cybersecurity risks, as well as the potential effects of such risks and any previous cybersecurity incidents. Companies will also need to disclose information about their board of directors’ oversight of cybersecurity threats and the expertise of management in managing such risks. These disclosures will be included in a company’s annual report on Form 10-K.

The new rules will also extend to foreign private issuers, requiring them to make comparable cybersecurity disclosures on Form 6-K for material incidents and on Form 20-F for risk management, strategy, and governance.

The effective date of the final rules will be 30 days after their publication in the Federal Register. Companies will be expected to comply with the new disclosure requirements starting with their annual reports for fiscal years ending on or after December 15, 2023. The deadlines for Form 8-K and Form 6-K disclosures will be 90 days after the date of publication in the Federal Register or December 18, 2023, whichever comes later. Smaller reporting companies will have an additional 180 days to begin providing the Form 8-K disclosure. All registrants must also tag the required disclosures using Inline XBRL, starting one year after initial compliance with the related disclosure requirement.

The implementation of these regulations marks a crucial milestone in the ongoing effort to strengthen cybersecurity measures in the business world, particularly in the rapidly growing cryptocurrency industry. With cyber threats becoming increasingly prevalent, investors and stakeholders will now have access to more comprehensive and timely information about the potential risks faced by listed companies and cryptocurrency ventures.

The SEC’s initiative is expected to foster greater accountability, transparency, and confidence in the market, benefiting both companies and investors. As cybersecurity remains a top concern in the digital age, these regulations will play a pivotal role in safeguarding the interests of businesses and individuals in the evolving landscape of finance and technology.
