SEC Refreshes Cyber Guidance: Key Takeaways

February 26, 2018

It’s been seven years since the U.S. Securities and Exchange Commission (Commission) issued its initial guidance to public companies on cybersecurity disclosure.

And last week – in the midst of Form 10-K filing season – the Commission released updated interpretive guidance urging companies to be more transparent in disclosing cybersecurity risks in their public filings; to disclose material data security incidents in a “timely fashion;” and to implement safeguards such as trading bans to prevent insiders from selling securities after a breach is detected but before it is publicly disclosed. The guidance also underscores the responsibilities of senior management and boards in cyber risk oversight. While the guidance becomes effective once published in the Federal Register, it makes clear that cybersecurity risk disclosure and management is now one of the top priorities for the Commission.

To continue reading our alert on this topic, please click here