On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.
Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.