The SEC is expected to issue climate, human capital, and cyber risk governance disclosure requirements this year. In a clear indication of activity in the cyber area, the SEC has identified key areas of upcoming focus that address strengthening the “cyber hygiene” of SEC registrants (practices to maintain the security of devices, networks, and data) and improving the timing and content of cyber incident notifications and disclosures to clients, investors, and the SEC. Proposals to amend Reg SCI would extend requirements intended to protect the resiliency of technology infrastructures (including business continuity plans, testing protocols, data backups, and incident reporting) to reach an expanded number of registrants. Notably, Chair Gensler is considering how to expand oversight of the cyber risks posed by certain service providers, calling out the federal banking regulators' oversight model as an example; the federal banking regulators recently finalized cyber incident notification rules that cover both banking entities and certain of their service providers.
Cybersecurity: SEC Reg SCI Proposal, Future Considerations
Upcoming focus on strengthening “cyber hygiene” and improving the timing and content of cyber incident notifications and disclosures
KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.