As companies have migrated toward increasing dependence on digital technologies to conduct their operations, the risks to these companies associated with cybersecurity incidents have also increased. The consequences of a cybersecurity breach are often severe, and can include theft of financial assets or intellectual property, misappropriation of sensitive information, data corruption, and intentional disruption of the operations of a company, to name just a few. These breaches can arise in myriad ways - from intentional attacks perpetrated by sophisticated and organized hackers to accidental misplacement of data by employees within a company's ranks.

Corporate stakeholders, in turn, have placed pressure on lawmakers and the Securities and Exchange Commission to clarify how these risks and their related potential impact on the operations of a registrant should be described within the framework of the disclosure obligations imposed by the federal securities laws. In response, over the past year the SEC has issued guidance that assists registrants in assessing what, if any, disclosures should be provided about cybersecurity matters in light of each registrant's specific facts and circumstances...