How to meet SEC demand for cybersecurity disclosures


Mar 27, 2018

On March 27, 2018, Accounting Today published an article on the SEC’s 2018 Guidance on Public Company Cybersecurity Disclosures and the elements that companies need to consider.

The released SEC guidance includes two new areas: cybersecurity policies and procedures, and insider trading prohibitions.

The guidance spells out the rules of disclosure, stresses the importance of materiality when preparing disclosures and lists five elements of materiality to consider.

Experts from Deloitte recommend that public companies also consider taking an additional five steps:

  1. Assess current policies and procedures related to cyber risks and incidents.
  2. Align cyber risk with the operational risk framework, and develop a shared understanding of materiality considerations.
  3. Understand disclosure obligations under federal and state laws, and establish and maintain appropriate and effective disclosure controls for cybersecurity risks and incidents.
  4. Examine and update insider trading policies and procedures.
  5. Raise C-suite and board awareness on SEC guidance and company obligations, and assess and test incident management processes, including through cyber war gaming.

Review the article on Accounting Today's website and the guidance on the SEC's website.
