SEC issues interpretive guidance on cybersecurity
Feb 21, 2018
On February 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance to promote clearer and more robust disclosures by public companies in relation to their cybersecurity risks and incidents, as a result of the increasing number and severity of cybersecurity incidents.
Previous guidance in this area stated that companies may be obligated to disclose cybersecurity risks and incidents, but it did not provide specific disclosure requirements. The new guidance clarifies that the SEC expects companies to disclose cybersecurity risks and incidents that are material to investors, including financial, legal, or reputational consequences.
Review the press release and interpretation on the SEC’s website.