The Securities and Exchange Commission released new guidance calling for public companies to be more transparent regarding their cybersecurity risks—both before and after an attack.
“[T]he Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion,” the report states, “including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.”
The interpretive guidance, which is a format used to clarify the SEC’s views on security laws and regulations, was built on a 2011 report on the same topic and unanimously approved by all five members of the commission.
This article was submitted by Jonathan T. Armiger, Armiger Law. If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section, please email Kara Sikorski at firstname.lastname@example.org.