SEC Announces New Guidance for Public Company Disclosures on Cybersecurity Risks

SEC Announces New Guidance for Public Company Disclosures on Cybersecurity Risks


By: Stuart H. Gelfond, Una A. Dean, Dave N. Rao, Justin Sedor

Recently, the Securities and Exchange Commission (the “SEC”) unanimously approved new guidance on public companies' disclosure obligations regarding cybersecurity risks and incidents. The SEC's Statement and Guidance on Public Company Cybersecurity Disclosures (the “New Guidance”) discusses the importance of cybersecurity-related disclosure in the context of current reporting obligations, presenting specific guidance on topics for inclusion in public disclosure. In addition, the New Guidance focuses on two aspects of cybersecurity not addressed in prior SEC staff guidance on the topic: (1) the vital importance of enacting and maintaining cybersecurity risk management policies and procedures, including disclosure controls, and (2) the relationship between cybersecurity risk and compliance with insider trading prohibitions.

Additional Information
publications-detail.inc