SEC Issues Cybersecurity Guidance
Apr 27, 2018
On April 27, 2018, the Deloitte portal of the Wall Street Journal published an overview of the SEC’s views on cybersecurity disclosure requirements and procedures under the federal securities laws as articulated in the cybersecurity interpretive guidance.
The overview also compares how the release affects the SEC staff guidance issued in 2011.
The SEC acknowledged that it does not expect a company’s disclosures to provide a level of detail that could compromise its cybersecurity efforts and that there may be limited information available in the early stages of a cybersecurity incident investigation. Nevertheless, the SEC emphasized that as information becomes available, registrants are responsible for disclosing appropriate information to keep investors informed and must balance the need for timely disclosure with the level of detail they can provide about such incidents. While cooperation with law enforcement during an ongoing investigation of a material cybersecurity incident may be necessary and may affect the scope of disclosure, it would not alone provide a basis for omitting material disclosures.
Review the overview on the Wall Street Journal's website.