Cybersecurity Risks and Events Receive SEC Attention—Disclosure Guidance From Corp Fin


The US Securities and Exchange Commission’s Division of Corporate Finance (“Corp Fin”) recently released guidance regarding the obligation of a publicly traded company or issuer to disclose cybersecurity risks and incidents. Written in response to the increased evidence of concerted, targeted cyber attacks, Corp Fin’s issued guidance outlines disclosure considerations and recommends release of information to the market under certain circumstances. The risks associated with cyber penetration could affect financial statements, assessment of controls by management and independent auditors, and certifications required by Sarbanes-Oxley (“SOX”).

This new guidance on issuers’ disclosure obligations related to cybersecurity threats and incidents introduces additional issues for management to consider and presents new potential risks for management. Existing disclosure rules do not explicitly address cybersecurity. Nevertheless, this new guidance may impose obligations on issuers to disclose material information concerning cybersecurity risks and incidents, in order to make other disclosures, in light of circumstances under which they are made, not misleading or false. As with other operational and financial risks, issuers must review the adequacy of their disclosures related to cybersecurity risks and incidents. This guidance is similar to Corp Fin’s interpretive guidance concerning disclosure of climate change matters in so far as it does not create new disclosure standards, but instead emphasizes what Corp Fin wants issuers to consider.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.