New SEC Cybersecurity Disclosure Rules
Canadian issuers that are reporting issuers with the Securities and Exchange Commission should be aware of new rules that impose disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules have two basic components. First, certain issuers will have new disclosure requirements regarding the registrant’s processes and policies for cybersecurity risk management, strategy and governance. These disclosures (which we refer to as “risk management disclosures”) will be required in the registrant’s annual report. The new risk management disclosures apply to nearly all domestic SEC reporting issuers (including Canadian issuers that report on domestic forms) and those foreign private issuers that report on Form 20-F. Second, in the event of a material...