March 6, 2018
On February 21, 2018 the Securities and Exchange Commission voted unanimously to approve a statement and interpretive guidance to assist the public in preparing disclosures about cybersecurity risks and incidents. The guidance expands upon previous guidance provided in October of 2011 by the SEC’s Division of Corporate Finance in response to “increasing significance of cyber security incidents.”
The 2018 guidance consists of two main topics that were not developed as part of the 2011 guidance. First, the updated guidance emphasizes the criticality of establishing and maintaining comprehensive policies and procedures related to cybersecurity risks and incidents. Second, the guidance is intended to remind companies of the “applicable insider trading prohibitions under the general antifraud provisions of federal securities laws and of their obligations to refrain from making selective disclosures.”
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.