This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice ( for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

SEC issues interpretive guidance on cybersecurity

  • US_SEC Image

Feb 21, 2018

On February 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance to promote clearer and more robust disclosures by public companies in relation to their cybersecurity risks and incidents, as a result of the increasing number and severity of cybersecurity incidents.

Previous guidance in this area stated that companies may be obligated to disclose cybersecurity risks and incidents, but it did not provide specific disclosure requirements. The new guidance clarifies that the SEC expects companies to disclose cybersecurity risks and incidents that are material to investors, including financial, legal, or reputational consequences.

Review the press release and interpretation on the SEC’s website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.