
As the Cybersecurity and Infrastructure Security Agency (CISA) continues through a lengthy rulemaking process to establish requirements for cybersecurity incident reporting by certain critical infrastructure entities, the Securities and Exchange Commission (SEC) on Wednesday published a final rule directing public companies to disclose material cyber incidents, and their plans to identify and manage risks from cyber threats. The Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule goes into effect 30 days after it is published in the Federal Register.…