CAQ Releases Publication on Cybersecurity

The CAQ has released a publication What Management Needs to Know About the SEC’s New Cybersecurity Disclosure Rules. The publication notes that these new SEC rules require “registrants that are subject to the reporting requirements of the Securities Exchange Act of 1934 to make timely disclosure of material cybersecurity incidents as well as annual disclosure of information regarding their cybersecurity risk management, strategy, and governance.” Specific topics covered in the publication include:

• Certifications related to disclosure controls and procedures.
• Disclosing material cybersecurity incidents.
• Disclosures about cybersecurity risk management and strategies.