It’s been seven years since the U.S. Securities and Exchange Commission (Commission) issued its initial guidance to public companies on cybersecurity disclosure.

And last week – in the midst of Form 10-K filing season – the Commission released updated interpretive guidance urging companies to be more transparent in disclosing cybersecurity risks in their public filings; to disclose material data security incidents in a “timely fashion;” and to implement safeguards such as trading bans to prevent insiders from selling securities after a breach is detected but before it is publicly disclosed. The guidance also underscores the responsibilities of senior management and boards in cyber risk oversight.