This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

SEC Issues Cybersecurity Guidance

  • United States Image

Apr 27, 2018

On April 27, 2018, the Deloitte portal of the Wall Street Journal published an overview of the SEC’s views on cybersecurity disclosure requirements and procedures under the federal securities laws as articulated in the cybersecurity interpretive guidance.

The overview also compares how the release affects the SEC staff guidance issued in 2011.

The SEC acknowledged that it does not expect a company’s disclosures to provide a level of detail that could compromise its cybersecurity efforts and that there may be limited information available in the early stages of a cybersecurity incident investigation. Nevertheless, the SEC emphasized that as information becomes available, registrants are responsible for disclosing appropriate information to keep investors informed and must balance the need for timely disclosure with the level of detail they can provide about such incidents. While cooperation with law enforcement during an ongoing investigation of a material cybersecurity incident may be necessary and may affect the scope of disclosure, it would not alone provide a basis for omitting material disclosures.

Review the overview on the Wall Street Journal's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.