Tag Archives: cybersecurity

Data Privacy and Network Security: In a rare move, SEC issues guidance on cybersecurity risks

The Securities and Exchange Commission has put public companies on notice of the significant risks relating to cybersecurity and has indicated that unmitigated exposure to cyber incidents should not be ignored in public disclosures. The SEC’s Division of Corporate Finance issued a Disclosure Guidance (Guidance) addressing disclosure obligations related to cybersecurity risks and cyber incidents.

The SEC does not often target such a specific area of corporate vulnerability for disclosure, but the move is not all that surprising in light of the increased frequency and severity of cyber incidents resulting in extraordinary costs to public companies and their shareholders. Although not a rule or a regulation, the Guidance clearly states the SEC’s position that several existing disclosure requirements already impose an obligation on public companies to disclose certain cybersecurity risks and cyber incidents, just as a company would need to with any other significant operational or financial risk.

Read full article