Regulatory and Legal Considerations

New SEC reporting requirements mandate disclosures about cyber incidents, ransom payments, and recovery efforts. The upcoming Cyber Incident Reporting for Critical infrastructure Act will extend similar obligations to non-SEC regulated organizations in critical infrastructure sectors.