Key Points

• New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase the risk of litigation over misstatements relating to cybersecurity.
• The