The Securities and Exchange Commission (SEC) is soliciting comments on proposed rules to improve and standardize disclosures by public companies regarding cybersecurity risk management, incident reporting, strategy and governance.
The proposal would require periodic reporting of a registrant’s procedures and policies to facilitate cyber risk management and disclosures of expertise and cyber risk oversight of the board of directors, according to a Federal Register notice published Wednesday.
SEC would require the presentation of cybersecurity disclosures using Inline eXtensible Business Reporting Language or Inline XBRL. The proposed rules are part of the agency’s efforts to inform investors about the risk management, governance and strategy of a registrant.
SEC, which first announced the proposed rules in early March, will accept comments through May 9th.
