SEC Takes Baby Steps on Cyber, but Signals Greater Vigilance

Sheppard Mullin Richter & Hampton LLP

On February 21, the Securities and Exchange Commission issued new Interpretive Guidance regarding disclosures of cybersecurity-related information by publicly traded companies. This guidance comes in the context of public pressure on the SEC to update its 2011 Division of Corporation Finance guidance regarding cybersecurity risks and incidents. According to SEC Chairman Jay Clayton’s statement, this new document serves to reinforce and expand the prior guidance. It lays out principles that companies should follow in determining when cybersecurity information should be disclosed, and what should be disclosed.

The guidance also focuses on the need for companies to develop disclosure controls and procedures, to allow them to responsibly discern the impact that cybersecurity risks or events may have on the company and determine whether they are material to investors. It also emphasized the Commission’s view that directors, officers and other persons in positions of high-level responsibility need to be informed about the cybersecurity risks and incidents that a company encounters.

Putting It Into Practice: The new guidance does not so much break new ground as re-emphasize and reinforce existing principles. Indeed, SEC Commissioner Kara Stein criticized it for not going far enough to respond to cybersecurity risks and the need for public companies to disclose them. However, if you work for a public company facing cybersecurity risk, or you advise one, the new guidance contains useful principles and examples to consider in determining what information your company should disclose, when to do so, and how to avoid allegations of insider trading on cybersecurity information that is not yet public. The document also signals growing vigilance by the SEC in policing public company behavior relating to cybersecurity.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.