On July 26, the SEC adopted amendments to Regulation S-K and Exchange Act forms requiring public companies to disclose on a current basis material cybersecurity incidents and to disclose annually information regarding their cybersecurity risk management, strategy, and governance.
The amendments will require companies to report a cybersecurity incident on Form 8-K within four business days after the company determines the incident is material. Companies will be required to amend the Form 8-K to provide updated incident disclosure if any information called for in the initial Form 8-K is not determined or available at the time of the initial filing.
Please see full publication below for more information.