{"id":217584,"date":"2026-02-26T06:32:00","date_gmt":"2026-02-26T11:32:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/26\/secs-new-cyber-security-rules-put-boards-on-the-hook\/"},"modified":"2026-02-26T07:00:11","modified_gmt":"2026-02-26T12:00:11","slug":"secs-new-cyber-security-rules-put-boards-on-the-hook","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/26\/secs-new-cyber-security-rules-put-boards-on-the-hook\/","title":{"rendered":"SEC\u2019s new cyber-security rules put boards on the hook"},"content":{"rendered":"<p><a href=\"https:\/\/www.governance-intelligence.com\/regulatory-compliance\/secs-new-cyber-security-rules-put-boards-hook\">SEC\u2019s new cyber-security rules put boards on the hook<\/a><\/p>\n<p><a href=\"https:\/\/www.governance-intelligence.com\/regulatory-compliance\/secs-new-cyber-security-rules-put-boards-hook\">https:\/\/www.governance-intelligence.com\/regulatory-compliance\/secs-new-cyber-security-rules-put-boards-hook<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-26 06:32:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.governance-intelligence.com\">www.governance-intelligence.com<\/a><\/p>\n<p>The SEC\u2019s amendments to Regulation S-P, now in effect and requiring compliance by June 2026, elevate cyber-security from an operational concern to a board-level accountability issue<\/p>\n<p><span><span><span>The SEC\u2019s new cyber-security disclosure rules hold boards personally accountable for cyber oversight, intensifying scrutiny and liability across public companies and registered entities. The amendments, effective in 2025 with a compliance deadline of June 3, 2026, expand obligations under Regulation S-P and reshape how firms govern, document and disclose cyber risk.<\/span><\/span><\/span><\/p>\n<p><span><span><span>Adopted in 2024 and now in force, the changes modernize safeguards for customer information and tighten incident response requirements as part of a broader push to strengthen operational resilience and investor protection amid escalating cyber threats. Although firms have until June 2026 to comply, regulators have made clear that preparation should already be underway.<\/span><\/span><\/span><\/p>\n<p><span><span><span>A central shift is the board\u2019s enhanced role. Directors are expected to exercise active oversight of cyber risk management rather than simply receive updates. Boards must understand the company\u2019s risk profile, evaluate the effectiveness of policies and procedures and ensure adequate resources are devoted to cyber controls. The heightened expectations increase exposure to regulatory, shareholder and litigation risk where oversight falls short.<\/span><\/span><\/span><\/p>\n<p><span><span><span>Under the revised framework, broker-dealers, investment advisers and investment companies must implement written incident response programs to detect, respond to and recover from unauthorized access to or use of customer information. These programs must outline how firms assess the scope of an incident, contain and remediate threats and notify affected individuals. Covered institutions are also required to maintain and periodically review written safeguards designed to protect customer records and information.<\/span><\/span><\/span><\/p>\n<p><span><span><span>One of the most significant additions is a new customer notification mandate. If a breach involving&#8230;<\/span><\/span><\/span><\/p>\n<p><a href=\"https:\/\/www.governance-intelligence.com\/regulatory-compliance\/secs-new-cyber-security-rules-put-boards-hook\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SEC\u2019s new cyber-security rules put boards on the hook https:\/\/www.governance-intelligence.com\/regulatory-compliance\/secs-new-cyber-security-rules-put-boards-hook Publish Date: 2026-02-26 06:32:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":217585,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.governance-intelligence.com\/sites\/default\/files\/field\/image\/brianpenny-ai-generated-9123440_1280.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,57],"class_list":["post-217584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217584"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=217584"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217584\/revisions"}],"predecessor-version":[{"id":217586,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217584\/revisions\/217586"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/217585"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=217584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=217584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=217584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}