The SEC Weighs in on Cybersecurity Disclosure: What’s New, What Isn’t, and What to Do Now

Print Print

The U.S. Securities and Exchange Commission (the “SEC” or “Commission”) issued interpretive guidance last week relating to disclosure of cybersecurity risks and incidents amid increasing cybersecurity threats from cybercriminals, nation-states, competitors and “hacktivists,” and a host of significant breaches that have come to light in the last year (including one involving the SEC’s EDGAR system). The SEC’s guidance is to some extent a repetition of guidance issued in 2011 by the Commission’s Division of Corporation Finance (“2011 Staff Guidance”) which enhances its authoritativeness, but there are also some new and noteworthy substantive points.

View the alert.