If adopted, the proposed
amendments would require additional disclosure of a registrant’s
policies and procedures, if any, for the identification and
management of risks from cybersecurity threats, a registrant’s
cybersecurity governance, including the board of directors’
oversight role regarding cybersecurity risks, and management’s role
and expertise in assessing and managing cybersecurity risk and
implementing the registrant’s cybersecurity policies, procedures,
and strategies, as well as disclosure regarding board member
cybersecurity expertise, if any. The Commission also proposed to
require registrants to provide updated disclosure relating to
previously disclosed cybersecurity incidents and to require
disclosure, to the extent known to management, when a series of
previously undisclosed individually immaterial cybersecurity
incidents has become material in the aggregate. The Commission
estimates that the amendments would result in an increase in the
paperwork burden of affected entities. For purposes of the PRA, the
Commission estimates that, for Form 10-K, the proposed amendments
would result in an increase of 99,432 burden hours and $13,257,600
for the services of outside professionals.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.