The CAQ has released a publication What Management Needs to Know About the SEC’s New Cybersecurity Disclosure
Rules. The publication notes that these new SEC rules
require “registrants that are subject to the reporting requirements of the Securities
Exchange Act of 1934 to make timely disclosure of material cybersecurity incidents as
well as annual disclosure of information regarding their cybersecurity risk management,
strategy, and governance.” Specific topics covered in the publication include:
Certifications related to disclosure controls and procedures.
Disclosing material cybersecurity incidents.
Disclosures about cybersecurity risk management and strategies.