Cybersecurity Risks and Events Receive SEC Attention—Disclosure Guidance From Corp Fin

more+
less-

The US Securities and Exchange Commission’s Division of Corporate Finance (“Corp Fin”) recently released guidance regarding the obligation of a publicly traded company or issuer to disclose cybersecurity risks and incidents. Written in response to the increased evidence of concerted, targeted cyber attacks, Corp Fin’s issued guidance outlines disclosure considerations and recommends release of information to the market under certain circumstances. The risks associated with cyber penetration could affect financial statements, assessment of controls by management and independent auditors, and certifications required by Sarbanes-Oxley (“SOX”).

This new guidance on issuers’ disclosure obligations related to cybersecurity threats and incidents introduces additional issues for management to consider and presents new potential risks for management. Existing disclosure rules do not explicitly address cybersecurity. Nevertheless, this new guidance may impose obligations on issuers to disclose material information concerning cybersecurity risks and incidents, in order to make other disclosures, in light of circumstances under which they are made, not misleading or false. As with other operational and financial risks, issuers must review the adequacy of their disclosures related to cybersecurity risks and incidents. This guidance is similar to Corp Fin’s interpretive guidance concerning disclosure of climate change matters in so far as it does not create new disclosure standards, but instead emphasizes what Corp Fin wants issuers to consider.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Business Organization Updates, Finance & Banking Updates, Privacy Updates, Science, Computers & Technology Updates, Securities Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »