SEC announces new guidance for public company disclosures on cybersecurity risks
Purpose: To discuss the new guidance on public companies’ disclosure obligations regarding cybersecurity risks and incidents, which was recently unanimously approved by the Securities and Exchange Commission (SEC).

Design/methodology/approach: Outlines the general disclosure requirements and the materiality standard set forth by the SEC, explains specific guidance on public company cybersecurity disclosure, and discusses cybersecurity risk management and insider trading policies.

Findings: In addition to clarifying the disclosure requirements with respect to cybersecurity issues, the article discusses two additional areas of concern identified by the New Guidance that public companies should consider in the context of cybersecurity and related disclosure. First, public companies must design and maintain policies and procedures to help manage cybersecurity risks and respond to incidents as they occur. Second, public companies should consider adopting insider trading policies that specifically prohibit management and other corporate insiders from trading on the basis of material non-public information regarding a cybersecurity risk or incident.

Originality/value: Practical analysis of the guidance on disclosure obligations regarding cybersecurity risks and incidents, including discussion surrounding two aspects of cybersecurity not previously addressed in prior SEC staff guidance on the topic.
Year of publication: | 2018 |
---|---|
Authors: | Gelfond, Stuart ; Dean, Una ; Rao, Dave N. ; Sedor, Justin |
Published in: | Journal of Investment Compliance. - Emerald, ISSN 1528-5812, ZDB-ID 2048718-6. - Vol. 19.2018, 4 (31.10.), p. 22-25 |
Publisher: | Emerald |
Online Resource