The SEC Starts Talking About Cybersecurity


"Securing cyberspace is one of the most important and urgent challenges of our time." With these words in May 2011, Senator Jay Rockefeller, the Chairman of the Senate Commerce, Science and Transportation Committee, and four other Senators called upon the Chairman of the Securities and Exchange Commission, Mary Schapiro, to develop and publish interpretive guidance clarifying existing disclosure requirements relating to cybersecurity risk. The Senators' letter stated that a substantial number of companies do not report this risk to investors. The Senators referred to a 2009 study by Hiscox, an insurance underwriter, which found that 38% of Fortune 500 companies made a "significant oversight" by not mentioning privacy or data security exposures in their public filings.

Chairman Schapiro responded on June 6, 2011, in the Commission's first official statement regarding the disclosure of cyber attacks. She stated that existing disclosure requirements already oblige reporting companies to disclose information regarding cybersecurity risk. The first requirement cited by the Chairman was Item 503(c) of Regulation S-K (Risk Factors), which requires disclosure of past and future cyber attacks or the effects of a cyber attack. The Chairman went on to state that the description of a company's business required by Item 101 would require disclosure if a company's trade secrets were compromised in a cyber attack; that Item 103 could be implicated if there were pending material litigation relating to an attack on a company's customer database that caused a release of personal information; and that Item 303 (MD&A) could also be implicated if the company's trade secrets were compromised, resulting in operating costs and/or losses.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Walker | Attorney Advertising
