Laura E. Goldsmith of Proskauer writes:
On February 21, 2018, the Securities and Exchange Commission (SEC) issued an interpretive Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the “Guidance”) to assist public companies in meeting their cybersecurity disclosure requirements under the federal securities laws. The Guidance notes that, as reliance on networked systems and the Internet have increased, so too have the risks and frequency of cybersecurity incidents, and companies have no choice but to incur the considerable costs of addressing information security risks, particularly in the wake of a cybersecurity incident. Examples of such costs include IT costs, employee training, remediation expenses, litigation, agency investigations and enforcement actions, reputational harm and damage to long-term shareholder value.
Read more on Proskauer Privacy Law Blog.
Related: SEC Clarifies Existing Cybersecurity Disclosure Guidance (BakerHostetler)