Reading the Tea Leaves: What Could Cybersecurity Rules Tell Us About Final Climate Change Rules? : TheCorporateCounsel.net Blog

Which brings us to the question that everyone is asking these days – what will the final climate change disclosure rules look like? In trying to answer this question like Zoltar, I am encouraged by the outcome we recently observed with the cybersecurity disclosure rules. In March 2022, the SEC originally proposed cybersecurity disclosure rules that included complex and highly detailed requirements that struck companies and their advisers as overly prescriptive and seeking too much detail. Consistent with other recent rulemakings, the Commission went down the path of proposing very prescriptive disclosure requirements on the topic of cybersecurity risk management and oversight for periodic reports and for the type of information that would be required to be disclosed when it is determined that a cybersecurity incident is material. The Commission also took what proved to be a controversial step of proposing that companies disclose information about the cybersecurity expertise of corporate directors.

In the final rules, the Commission clearly considered the concerns of commenters on a number of important issues and modified the final rules as a result, including paring back the disclosure required on a current basis when an incident is determined to be material, pivoting to a more principles-based approach for the disclosure related to risk management, strategy, and governance and not adopting the proposed requirement to disclose board cybersecurity expertise.

Source: Reading the Tea Leaves: What Could Cybersecurity Rules Tell Us About Final Climate Change Rules? : TheCorporateCounsel.net Blog