SEC announces new guidance for public company disclosures on cybersecurity risks
Journal of Investment Compliance
ISSN: 1528-5812
Article publication date: 31 October 2018
Issue publication date: 29 November 2018
Abstract
Purpose
To discuss the new guidance on public companies’ disclosure obligations regarding cybersecurity risks and incidents, which was recently unanimously approved by the Securities and Exchange Commission (SEC).
Design/methodology/approach
Outlines the general disclosure requirements and the materiality standard set forth by the SEC, explains specific guidance on public company cybersecurity disclosure, and discusses cybersecurity risk management and insider trading policies.
Findings
In addition to clarifying the disclosure requirements with respect to cybersecurity issues, the article discusses two additional areas of concern identified by the New Guidance that public companies should consider in the context of cybersecurity and related disclosure. First, public companies must design and maintain policies and procedures to help manage cybersecurity risks and respond to incidents as they occur. Second, public companies should consider adopting insider trading policies that specifically prohibit management and other corporate insiders from trading on the basis of material non-public information regarding a cybersecurity risk or incident.
Originality/value
Practical analysis of the guidance on disclosure obligations regarding cybersecurity risks and incidents, including discussion surrounding two aspects of cybersecurity not previously addressed in prior SEC staff guidance on the topic.
Citation
Gelfond, S., Dean, U., Rao, D.N. and Sedor, J. (2018), "SEC announces new guidance for public company disclosures on cybersecurity risks", Journal of Investment Compliance, Vol. 19 No. 4, pp. 22-25. https://doi.org/10.1108/JOIC-06-2018-0041
Publisher
Emerald Publishing Limited
Copyright © 2018 Fried, Frank, Harris, Shriver & Jacobson LLP.