SEC issues interpretive guidance on cybersecurity
22 Feb, 2018
The increasing number and severity of cybersecurity incidents has led the Securities and Exchange Commission (SEC) to issue interpretive guidance to promote clearer and more robust disclosures by public companies in relation to their cybersecurity risks and incidents.
Previous guidance in this area stated that companies may be obligated to disclose cybersecurity risks and incidents, but it did not provide specific disclosure requirements. The new guidance clarifies that the SEC expects companies to disclose cybersecurity risks and incidents that are material to investors, including financial, legal, or reputational consequences.
For more information, see the press release and interpretation on the SEC’s website.