The U.S. Securities and Exchange Commission (the “SEC” or “Commission”) issued interpretive guidance last week relating to disclosure of cybersecurity risks and incidents amid increasing cybersecurity threats from cybercriminals, nation-states, competitors and “hacktivists,” and a host of significant breaches that have come to light in the last year (including one involving the SEC’s EDGAR system). The SEC’s guidance is to some extent a repetition of guidance issued in 2011 by the Commission’s Division of Corporation Finance (“2011 Staff Guidance”) which enhances its authoritativeness, but there are also some new and noteworthy substantive points.
The SEC Weighs in on Cybersecurity Disclosure: What’s New, What Isn’t, and What to Do Now
SEC Staff Brings Down its Q1 COVID-related Reporting Guidance for Q2: Focus on Liquidity and Capital Resources, CARES Act Assistance, Ability to Continue as a Going Concern and High-Quality Financial Reporting
Copyright © 2020 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Beijing, Boston, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Princeton, Shanghai, Silicon Valley, and Washington, D.C.