The SEC is set to vote on new cybersecurity disclosure rules due to the Ukraine crisis.

On Wednesday, the Securities and Exchange Commission will be considering new cybersecurity regulations for public companies.

There are two components to the proposal:

1. Companies must report "material" cybersecurity incidents on an 8-K form within four business days of the incident. Despite the SEC's efforts to require cybersecurity incident reporting since 2011, the agency has characterized the reporting of incidents as "inconsistent."
2. Companies must also provide updates on previously reported material cybersecurity incidents in addition to disclosing their cybersecurity policies.

The proposed amendments will be open for public comment for either 30 days or 60 days, whichever is longer, after they are published in the Federal Register.

The SEC is currently seeking public comment on proposed rules related to cybersecurity policies for investment advisors and registered funds, as part of a broader effort to improve cybersecurity disclosure.

Now the regulators are turning their attention to public companies.

Gary Gensler, SEC Chair, stated that many issuers currently disclose cybersecurity information to investors. He believes that requiring this information in a consistent, comparable, and decision-useful manner would benefit both companies and investors.

The crisis in Ukraine has given special relevance to proposals that have been under consideration by the SEC for some time.

Gensler's regulatory agenda includes over 50 proposals, with cybersecurity being just a small part of it.