The SEC Issues Guidance to Public Companies on Cybersecurity Disclosures
The SEC Issues Guidance to Public Companies on Cybersecurity Disclosures
Over the past year, the SEC has emphasized that one of the primary areas that the Commission will continue to focus its efforts is cybersecurity. In a speech given by SEC Chairman Jay Clayton on July 12, 2017, Chairman Clayton stated that “[p]ublic companies have a clear obligation to disclose material information about cyber risks and cyber events.” On September 20, 2017, Chairman Clayton issued a statement on cybersecurity, discussing disclosure guidance issued by the staff of the Division of Corporation Finance in 2011, and stating that “issuers should consider whether their publicly filed reports adequately disclose information about their risk management governance and cybersecurity risks, in light of developments in their operations and the nature of current and evolving cyber threats.” Chairman Clayton further provided that the SEC would “continue to evaluate [the 2011] guidance in light of the cybersecurity environment and its impacts on issuers and the capital markets generally.”
In light of the foregoing, on February 21, 2018, the SEC issued an interpretive release providing guidance to public companies concerning preparing disclosures about cybersecurity risks and incidents (the “SEC Release”). The SEC Release emphasized the importance of having effective “disclosure controls and procedures that provide an appropriate method of discerning the impact that such [cybersecurity] matters may have on the company and its business, financial condition, and results of operations, as well as a protocol to determine the potential materiality of such risks and incidents” and stated that the “development of effective disclosure controls and procedures is best achieved when a company’s directors, officers, and other persons responsible for developing and overseeing such controls and procedures are informed about the cybersecurity risks and incidents that the company has faced or is likely to face.” Additionally, the SEC Release cautioned against insider trading by directors, officers and other company insiders while in possession of material nonpublic information, including, but not limited to, “knowledge regarding a significant cybersecurity incident experienced by the company.” The SEC Release can be found here.
Faruqi & Faruqi, LLP focuses on complex civil litigation, including securities, antitrust, wage and hour and consumer class actions as well as shareholder derivative and merger and transactional litigation. The firm is headquartered in New York, and maintains offices in Atlanta, Los Angeles and Philadelphia.
Since its founding in 1995, Faruqi & Faruqi, LLP has served as lead or co-lead counsel in numerous high-profile cases which ultimately provided significant recoveries to investors, direct purchasers, consumers and employees.
To schedule a free consultation with our attorneys and to learn more about your legal rights, call our offices today at (877) 247-4292 or (212) 983-9330.
