February 23, 2018
SEC Releases New Cybersecurity Guidance
The SEC has issued a new guidance for companies regarding data breach disclosures.
According to SEC Chairman Jay Clayton, the guidance highlights the disclosure requirements under federal securities law that public operating companies must adhere to with respect to cybersecurity risks and incidents. Additionally, the guidance addresses the importance of policies and procedures related to disclosure controls and procedures, insider trading, and selective disclosures.
Clayton and the SEC urge companies take all required steps to inform investors about cybersecurity risk and incidents in a timely fashion.
In 2011, the SEC’s Division of Corporation Finance first published guidance about disclosing cybersecurity risks, but the frequency of data breaches has increased with some high-profile breaches including the NSA, Uber, and Equifax.
For more information, check out the official press release from the SEC.