trending Market Intelligence /marketintelligence/en/news-insights/trending/-I3ZhzSY5S1DVX-iA_XtlQ2 content esgSubNav
In This List

SEC issues revised guidance on cybersecurity disclosure

Blog

Breaking into Europe’s Digital Infrastructure Markets: Drivers & Trends

Blog

Breaking into Europe’s Digital Infrastructure Markets: Drivers & Trends

Blog

Commercial Banking: June 22nd Edition

Blog

Understanding Loss Given Default A Review of Three Approaches


SEC issues revised guidance on cybersecurity disclosure

The U.S. Securities and Exchange Commission on Feb. 21 issued revised guidance on how public companies should handle disclosures of cybersecurity threats and breaches.

"I believe that providing the Commission's views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors," said SEC Chairman Jay Clayton.

"In particular, I urge public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives," Clayton added.

The agency noted that companies should disclose risks, even if they have not been exploited by hackers. In addition, the SEC warned insiders not to trade on information about undisclosed breaches.

By the same token, the guidance noted that the companies need not disclose information that might create openings for hackers. "We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems, the related networks and devices, or potential system vulnerabilities in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident," the guidance states.

"Nevertheless, we expect companies to disclose cybersecurity risks and incidents that are material to investors, including the concomitant financial, legal, or reputational consequences."