SEC Staff Issues Guidance Regarding Cybersecurity Risks And Incidents Disclosure


The Staff of the Securities and Exchange Commission’s Division of Corporate Finance has issued guidance regarding disclosure of risks of cyber-attacks and reporting of attacks that have occurred.

A reporting company that is dependent on digital technologies in conducting its business should consider disclosure of vulnerabilities to unintentional security breaches, as well as deliberate attacks, including by unauthorized access, denial of service, and social engineering. Deliberate attacks may be intended to steal assets, intellectual property, other sensitive information or to disrupt operations of the reporting company or its customers or others with whom the company has business relations. Resulting material costs may include...

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.