TY - JOUR AB - Purpose– This paper aims to familiarize readers about the nature and extent of the risks that listed companies and their boards of directors face by not addressing their attention to insuring the cyber-security of their operations and not disclosing cyber-episodes and their impact on operations as suggested by the SEC's Division of Corporate Finance. Design/methodology/approach– This article provides an overview of recent developments that led the SEC's Division of Corporate Finance to issue a non-binding guidance on cyber-security, along with an analysis of the importance of cyber-security in today's marketplace, those business sectors that already must comply with statutory and regulatory duties to safeguard private information, the applicable duties of directors under Delaware law, and an overview of the enforcement activities against companies that have experienced data breaches, as well as a discussion of private class actions that have sought damages claimed to have resulted from the negligence of companies and their boards to fulfill their duties to protect such information from being stolen due to inadequate systems and protective measures. Findings– The SEC Division of Corporate Finance's voluntary disclosure guidance concerning cyber-security offers various, non-binding reasons for listed companies to report about cyber-events that may be material to a business operation or profitability. Listed companies and their boards face enforcement and private litigation risks in the event of a cyber-incident because of the heightened interest in cyber-security, the considerable costs likely incurred as a result of a cyber-event, and the duties they owe to exercise appropriate oversight in the face of known risks. Originality/value– The paper provides practical explanation of developing issues by experienced corporate and litigation lawyers. VL - 14 IS - 4 SN - 1528-5812 DO - 10.1108/JOIC-10-2013-0034 UR - https://doi.org/10.1108/JOIC-10-2013-0034 AU - Clark Michael AU - E. Harrell Charles PY - 2013 Y1 - 2013/01/01 TI - Unlike chess, everyone must continue playing after a cyber-attack T2 - Journal of Investment Compliance PB - Emerald Group Publishing Limited SP - 5 EP - 12 Y2 - 2024/04/25 ER -