| |

SEC Cybersecurity Risk Reporting Guidance

By Stephen Barlas
May 1, 2018

The Securities & Exchange Commission (SEC) published guidance at the end of February 2018 on what companies should disclose within 10-Ks and 10-Qs with regard to cybersecurity risks.


This new guidance doesn’t really go much beyond the staff guidance issued in 2011, and that may be one reason that Commissioners Kara Stein and Robert Jackson both expressed reservations and advocated for the SEC to do more.


According to the law firm Shearman & Sterling, Commissioner Stein acknowledged that further action in this area may require formal SEC rule making rather than interpretation of existing rules, and the interpretive guidance itself states that the Commission “continues to consider other means of promoting appropriate disclosure of cyber incidents.” To view the guidance in the Federal Register, go to: http://bit.ly/2HehBma.


Stephen Barlas has covered Washington, D.C., for trade and professional magazines since 1981 and since 1984 for Strategic Finance and its predecessor Management Accounting. You can reach him at sbarlas@verizon.net.
0 No Comments
You may also like