SEC Issues Updated Guidance on Public Company Cybersecurity Disclosures

Laura E. Goldsmith of Proskauer writes:

On February 21, 2018, the Securities and Exchange Commission (SEC) issued an interpretive Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the “Guidance”) to assist public companies in meeting their cybersecurity disclosure requirements under the federal securities laws. The Guidance notes that, as reliance on networked systems and the Internet have increased, so too have the risks and frequency of cybersecurity incidents, and companies have no choice but to incur the considerable costs of addressing information security risks, particularly in the wake of a cybersecurity incident. Examples of such costs include IT costs, employee training, remediation expenses, litigation, agency investigations and enforcement actions, reputational harm and damage to long-term shareholder value.

Read more on Proskauer Privacy Law Blog.

Related: SEC Clarifies Existing Cybersecurity Disclosure Guidance (BakerHostetler)

US company with access to biggest telecom firms uncovers breach by nation-state hackers
UK: FCA fines former employee of Virgin Media O2 for data protection breach
The 4TB time bomb: when EY's cloud went public (and what it taught us)
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Hotel and Casino near Las Vegas Strip suffers data breach, documents say