facebook linked in twitter


April 3, 2018

SEC Releases New Guidance on Cybersecurity Disclosures and Controls

By David F. Katz

ALM’s Cybersecurity Law & Strategy

In the 2018 April edition of ALM’s Cybersecurity Law & Strategy, David Katz, Nelson Mullins partner and leader of the Privacy and Information Security practice group, provides insight to new guidance issued by the Securities and Exchange Commission (SEC) on cybersecurity disclosures and control.

Katz writes, “On Feb. 21, 2018, the Securities and Exchange Commission (SEC) voted unanimously to approve a statement and interpretive guidance to assist the public in preparing disclosures about cybersecurity risks and incidents. The SEC’s February 2018 guidance expands upon previous guidance provided in October of 2011 by the SEC’s Division of Corporate Finance, which addressed the Division’s views regarding disclosure obligations relating to cyber risks and incidents.

“In response to the October 2011 guidance, many companies included additional cybersecurity disclosures in the form of risk factors. The SEC, in response to ‘increasing significance of cyber security incidents,’ has determined it is necessary to provide companies with further guidance on managing cybersecurity risks and disclosures of such risks.”