On Dec. 14, 2023, Erik Gerding, director of the U.S. Securities Exchange Commission's (SEC) Division of Corporation Finance, made a statement on cybersecurity disclosure in connection with SEC cybersecurity rules adopted in July 2023. This statement was issued right before compliance dates were coming up for public companies, including foreign private issuers, under these rules. Beginning on Dec. 18, 2023, all public companies (other than smaller reporting companies) are required to disclose material cybersecurity incidents in Item 1.05 of a Current Report on Form 8-K. Smaller reporting companies must begin complying with Item 1.05 of Form 8-K on June 15, 2024. A foreign private issuer is required to file Form 6-K with respect to material cybersecurity incidents that it discloses in a jurisdiction in which it is organized, to any stock exchange on which its securities are traded, or to its security holders. In addition, all public companies must disclose annually information regarding cybersecurity risk management, strategy, and governance in an annual report on Form 10-K or Form 20-F (for foreign private issuers) for the fiscal years ending on or after Dec. 15, 2023.