SEC Cybersecurity Risk Reporting Guidance
The Securities & Exchange Commission (SEC) published guidance at the end of February 2018 on what companies should disclose within 10-Ks and 10-Qs with regard to cybersecurity risks.
This new guidance doesn’t really go much beyond the staff guidance issued in 2011, and that may be one reason that Commissioners Kara Stein and Robert Jackson both expressed reservations and advocated for the SEC to do more.
According to the law firm Shearman & Sterling, Commissioner Stein acknowledged that further action in this area may require formal SEC rule making rather than interpretation of existing rules, and the interpretive guidance itself states that the Commission “continues to consider other means of promoting appropriate disclosure of cyber incidents.” To view the guidance in the Federal Register, go to: http://bit.ly/2HehBma.