The Securities and Exchange Commission recently issued guidance on disclosures by public companies of the cybersecurity risks they are facing and what they’re doing to address those risks. Accountants can play a role in helping companies by providing assurance and attestation services to make sure they’re taking steps to mitigate the risks.
The SEC’s 2018 Guidance on Public Company Cybersecurity Disclosures indicates the growing concerns over cybersecurity incidents such as data breaches, and what companies need to do about publicly disclosing them (see SEC wants cybersecurity disclosures). The 2018 guidance released last month includes two new areas: cybersecurity policies and procedures, and insider trading prohibitions. The guidance spells out the rules of disclosure, including ensuring fair disclosure according to the Reg FD requirements, along with the factors that public companies need to consider to determine whether material information has been compromised. The 2018 guidance stresses the importance of materiality when preparing disclosures and lists five elements of materiality to consider.
Experts from Deloitte are recommending public companies…
