SEC Cybersecurity Rules Mandate New Procedures for Data Breaches

May 23, 2024

New SEC Cybersecurity Rules Announced

The SEC announced on May 16 that it is requiring certain kinds of financial institutions to have detailed plans for what process to follow when a data breach involving customer information occurs. The SEC cybersecurity rules also mandate procedures for providing notice to customers whose sensitive information has been accessed or leaked.

The newly amended SEC cybersecurity rules are in addition to reporting regulations that force all public companies to notify the agency of “material” incidents. The Record reports that earlier this month, New York Rep. Andrew Garbarino renewed his effort to rescind the incident reporting rule. He argues that the SEC is not capable of dealing with cybersecurity and that incident reports expose victimized companies to more attacks. The White House says it will veto any such legislation. 

SEC Chair Gary Gensler says the amendments are necessary due to the greater scale and impact of data breaches since the original regulation went into effect. “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” Gensler said. “That’s good for investors.”

The amendment will take effect two months after the rule is published in the Federal Register. Large companies will have 18 months to comply. Smaller ones will have two years. The SEC hasn’t announced how it plans to distinguish between large and small entities. The notifications must take place as soon as possible, and no later than 30 days after covered entities become aware that customer information has been leaked. 

Cybersecurity experts are on board with the amended rule, according to the Record. Several argued that years of voluntary rules contributed to a laid-back attitude that many organizations have with respect to cyberattacks and breaches.  

Sign up for our weekly newsletters specifically curated to different practice areas: litigation, cybersecurity & data privacy, legal ops, and compliance.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top