SEC sets up September kickoff for final cyber incident reporting rule to take effect

The U.S. Securities and Exchange Commission’s controversial incident reporting rulemaking will go into effect on Sept. 5, according to a notice in the Federal Register, which includes the text of the final rule and the SEC’s rationale behind making changes to the disclosure regulations.

“The Securities and Exchange Commission (‘Commission’) is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities...