On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted amendments augmenting and standardizing required disclosures for public companies related to cybersecurity. The rules apply to all registrants, and includes comparable requirements of foreign private issuers. The rules reflect several changes to elements described in the 2022 proposed rule and in previous guidance.

On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) approved a new final rule regarding reporting of cyber incidents for U.S. banks and service providers.

Under the new rule, a banking organization must notify its primary federal regulator of “any significant computer