The U.S. Securities and Exchange Commission (the “SEC” or “Commission”) issued interpretive guidance last week relating to disclosure of cybersecurity risks and incidents amid increasing cybersecurity threats from cybercriminals, nation-states, competitors and “hacktivists,” and a host of significant breaches that have come to light in the last year (including one involving the SEC’s EDGAR system). The SEC’s guidance is to some extent a repetition of guidance issued in 2011 by the Commission’s Division of Corporation Finance (“2011 Staff Guidance”) which enhances its authoritativeness, but there are also some new and noteworthy substantive points.
The SEC Weighs in on Cybersecurity Disclosure: What’s New, What Isn’t, and What to Do Now
Copyright © 2019 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Beijing, Boston, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Princeton, Shanghai, Silicon Valley, Warsaw, and Washington, D.C.