The SEC has issued new guidance for public companies, calling on them to be more forthcoming when disclosing cyber-security risks, even before a breach or attack happens. The new guidance expands on guidance the SEC previously issued in 2011, and it also warns that corporate insiders must not trade shares when they have information about cyber-security issues that aren’t public. The SEC added that even though companies are not required to reveal sensitive information that could compromise cyber-security measures, they also cannot use internal or law enforcement investigations as an excuse for not informing the public. Many individuals on the SEC say the guidance doesn’t go far enough, that many public companies still provide disclosures about cyber-security risks that are far from robust, and that the commission has only taken limited action. They also mention that the SEC could have helped companies formulate more meaningful disclosure for investors; however, the new guidance does not give them the ability to do so and provides only modest changes to the 2011 staff guidance. It remains to be seen what other actions or guidance the SEC provides on cyber-security related issues.
The SEC says companies must disclose more information about cybersecurity risks