SEC Finalizes Cybersecurity Disclosures Rule
After an aggressive campaign by the NAM, the U.S. Securities and Exchange Commission has scaled back a damaging cybersecurity proposal that would have been deeply problematic for manufacturers. Yet, the final regulations still impose compliance burdens on publicly traded companies. Here’s what manufacturers can expect now that the rule is finalized.
The background: Last year, the SEC proposed a new set of cybersecurity disclosure requirements for public companies.
- The centerpiece of the rule was a mandate to disclose cybersecurity incidents to the public within four days.
- The proposal also would have required detailed reporting on companies’ policies and procedures for responding to cybersecurity threats.
The problem: Requiring detailed public disclosures about cybersecurity incidents and processes could provide a roadmap to potential hackers, and sharing information about ongoing incidents could compromise efforts to stop an attack.
The NAM response: The NAM urged the SEC to make commonsense adjustments to protect manufacturers from attacks and give companies the flexibility to respond to cybersecurity incidents appropriately.
The result: The final rule is more tailored than the initial proposal, reducing the risk that companies will be forced to expose sensitive information. But its requirements still constitute new compliance burdens on manufacturers.
For the details of the final rule, read the full story.
Every manufacturer should have the tools they need to be protected against cyberattacks. Check out NAM Cyber Cover—an exclusive cybersecurity and risk mitigation program for NAM member companies and organizations.