The new final rule represents a significant evolution in the SEC’s approach to cybersecurity disclosure, and a major step forward in promoting transparency and accountability in cybersecurity risk management. It provides more detailed requirements for disclosing cybersecurity risks and emphasizes disclosure of the board’s role in overseeing cybersecurity risk management.
