Who is listening? The SEC emphasizes importance of cybersecurity disclosure

Cynthia M. Krus (Partner with Sutherland Asbill & Brennan LLP, Washington, District of Columbia, USA)

Journal of Investment Compliance

ISSN: 1528-5812

Article publication date: 6 April 2012

Abstract

Purpose

The purpose of this paper is to explain the SEC's recent guidance on disclosure obligations related to cybersecurity risks and cyber incidents.

Design/methodology/approach

The paper provides an overview of the guidance, including recommended mention of cybersecurity and cyber incident considerations in a company's discussion of risk factors, MD&A, description of business, disclosure of legal proceedings, financial statement disclosures, and disclosure controls and procedures. The paper recommends steps that companies should take in light of the guidance, including a review of cybersecurity practices, cyber disclosure, disclosure controls and procedures, Regulation S‐P information security policies and procedures, and other legislative and regulatory proposals relating to cybersecurity.

Findings

The SEC staff guidance clarifies that even though the SEC's existing disclosure rules do not specifically reference cybersecurity, public companies should consider the growing importance of cybersecurity and make appropriate disclosures “consistent with the relevant disclosure considerations that arise in connection with any business risk”.

Originality/value

The paper provides expert guidance by experienced financial services lawyers.

Citation

Krus, C.M. (2012), "Who is listening? The SEC emphasizes importance of cybersecurity disclosure", Journal of Investment Compliance, Vol. 13 No. 1, pp. 30-32. https://doi.org/10.1108/15285811211216673

Publisher

Emerald Group Publishing Limited

Copyright © 2012, Emerald Group Publishing Limited
