On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,

Rajesh De
Raj De serves on Mayer Brown’s global Management Committee. He was previously the Managing Partner of Mayer Brown's Washington DC office, which is comprised of more than two hundred lawyers. He leads the firm's global Cybersecurity & Data Privacy practice, as well as the firm’s National Security practice, and serves as a member of the firm’s Congressional Investigations & Crisis Management team. After nearly two decades in private practice and public service across all three branches of the United States government, Raj is one of the most trusted voices in Washington. He has held senior appointments in the White House, the Department of Justice (DOJ) and the Department of Defense (DOD). Raj returned to Mayer Brown in 2015 after serving as General Counsel at the United States National Security Agency (NSA). Since returning to the firm, Raj has received numerous recognitions, including by American Lawyer (“Lateral All-Star”), Washingtonian magazine (“Top Lawyer”), The National Law Journal (“Cybersecurity and Data Privacy Trailblazer”), and Cybersecurity Docket (“Incident Response 30”).
Raj focuses his practice on cutting-edge legal and policy issues at the nexus of technology, national security, law enforcement and privacy. He advises clients, including management teams and boards of directors, in connection with crisis management, government and internal investigations, high-stakes litigation, regulatory enforcement matters, and congressional inquiries. Raj provides clients with strategic counseling and practical legal advice, drawing upon a wealth of experience in government service and private practice.
SEC Proposes Amendments That Would Place New Cybersecurity Reporting and Disclosure Requirements on Public Companies
On March 9, 2022, the US Securities and Exchange Commission (“SEC”) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals…