This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

How to meet SEC demand for cybersecurity disclosures

  • United States Image

Mar 27, 2018

On March 27 2018, Accounting Today published an article on the SEC’s 2018 Guidance on Public Company Cybersecurity Disclosures and the elements that companies need to consider.

The SEC guidance released  includes two new areas: cybersecurity policies and procedures, and insider trading prohibitions.

The guidance spells out the rules of disclosure, stresses the importance of materiality when preparing disclosures and lists five elements of materiality to consider.

Experts from Deloitte are recommending public companies also consider taking an additional five steps:

  1. Assess current policies and procedures related to cyber risks and incidents.
  2. Align cyber risk with operational risk framework, and develop shared understanding on materiality considerations.
  3. Understand disclosure obligations under federal and state laws, and establish and maintain appropriate and effective disclosure controls for cybersecurity risks and incidents.
  4. Examine and update insider trading policies and procedures.
  5. Raise C-suite and board awareness on SEC guidance and company obligations, and assess and test incident management processes, including through cyber war gaming.

Review the article on Accounting Today's website and the guidance on the SEC's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.