On February 21, the Securities and Exchange Commission released updated interpretive guidance on cybersecurity disclosure, reaffirming staff guidance issued in 2011, providing more detailed guidance on disclosure of cybersecurity risks and incidents, advising companies to ensure that their disclosure controls and procedures take account of cybersecurity risks and noting the implications of cybersecurity incidents for insider trading prohibitions and Regulation FD compliance. The interpretive guidance lends the Commission’s imprimatur to the previously issued staff guidance and underscores the importance for a company to be attuned to securities law obligations when responding to or managing for cyber risks and incidents.

Related materials
Read the full update
Copy link to share post