“Today, the importance of data management and technology to business is analogous to the importance of electricity and other forms of power in the past century.” — SEC Commission Statement and Guidance on Public Company Cybersecurity Disclosures
On Feb. 21, 2018, the U.S. Securities and Exchange Commission (SEC) released updated guidance on cybersecurity disclosure for public companies. The agency updated the document’s previous language, which was released in 2011, regarding cyber risks and their impact on investment decisions.
SEC Sets New Standards for Cybersecurity Disclosure
In a press release announcing the update, SEC Chairman Jay Clayton shared his aim to ensure that companies provide “more complete information” to investors about cyber risks and incidents. He also urged companies to “examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives.” Specifically, the SEC guidance cautioned companies to “avoid the appearance of improper trading during the period following an incident and prior to the dissemination of disclosure.” It…
