New Regulatory Agenda Reveals Forthcoming Cybersecurity Regulations

The Biden Administration released its Fall 2022 regulatory agenda on Jan. 4, 2023, to outline regulations aimed at cybersecurity requirements for government contractors, the maritime industry, public companies and others.

Taken together, these regulations are a stark reminder of the growing importance of design, implementation, testing and updating cybersecurity measures in all aspects of operations. The regulations also represent significant and more comprehensive cybersecurity obligations and regulatory review, as well as important contracting implications, for companies covered by these regulations.

Notable Examples

Cybersecurity Requirements for Investment Adviser and Companies (U.S. Securities and Exchange Commission, or SEC). In March 2022, the SEC proposed rules that would require registered investment advisers and investment companies to 1) develop and periodically update written cybersecurity risk assessments and to adopt and implement specific written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, 2) disclose significant cybersecurity risks and cybersecurity incidents that affect advisers and funds and their clients and shareholders on Form ADV Part 2A and associated fund forms and 3) adhere to new recordkeeping requirements under the Investment Advisers Act (IAA) and Investment Company Act. The goal is to "enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies." Final regulations are expected in April 2023. SOURCE