March 6, 2018

SEC cybersecurity guidance: What CCOs should know

By Kay A. Gordon

Compliance Reporter

On February 21, 2018, the Securities and Exchange Commission voted unanimously to approve a statement and interpretive guidance to assist the public in preparing disclosures about cybersecurity risks and incidents. The guidance expands upon previous guidance provided in October of 2011 by the SEC’s Division of Corporate Finance in response to the “increasing significance of cyber security incidents.”

The 2018 guidance addresses two main topics that were not developed as part of the 2011 guidance. First, the updated guidance emphasizes the criticality of establishing and maintaining comprehensive policies and procedures related to cybersecurity risks and incidents. Second, the guidance is intended to remind companies of the “applicable insider trading prohibitions under the general antifraud provisions of federal securities laws and of their obligations to refrain from making selective disclosures.”