SEC is expected to issue climate, human capital, and cyber risk governance disclosure requirements this year. In a clear indication of activity in the cyber area, the SEC has denoted key areas of upcoming focus that address strengthening the “cyber hygiene” of SEC registrants (practices to maintain the security of devices, networks, and data) and improving the timing and content of cyber incident notifications and disclosures to clients, investors, and the SEC. Proposals to amend Reg SCI would extend requirements intended to protect the resiliency of technology infrastructures (including business continuity plans, testing protocols, data backups, incident reporting) to reach an expanded number of registrants. Notably, Chair Gensler is considering how to expand oversight of the cyber risks posed by certain service providers, calling out the federal banking regulators oversight model as an example; the federal banking regulators recently finalized cyber incident notification rules that cover both banking entities and certain of their service providers.