It’s been seven years since the U.S. Securities and Exchange Commission (Commission) issued its initial guidance to public companies on cybersecurity disclosure.
And last week – in the midst of Form 10-K filing season – the Commission released updated interpretive guidance urging companies to be more transparent in disclosing cybersecurity risks in their public filings; to disclose material data security incidents in a “timely fashion”; and to implement safeguards such as trading bans to prevent insiders from selling securities after a breach is detected but before it is publicly disclosed. The guidance also underscores the responsibilities of senior management and boards in cyber risk oversight.