Cybersecurity threats have reached a point where they cannot go ignored by any government agency, even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats, the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker-dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.
The SEC began focusing on cybersecurity issues in October 2011 by issuing guidance for public companies on disclosing risks and incidents within the already existing framework of public company disclosure requirements. The SEC’s guidance clarified the material information regarding cybersecurity risks and incidents that requires disclosure. Since then, the number of disclosures about data breach incidents, risk factors, trends and uncertainties, and legal proceedings related to cybersecurity threats has grown. Although requiring this enhanced disclosure regarding cybersecurity issues is intended to protect investors and provide greater information to those with national security responsibilities, it is providing collateral benefits as well. In order to avoid securities law liability for material omissions or misstatements in their public filings, public companies are finding that they must pay closer attention to their policies, procedures and compliance systems in the area of cybersecurity. One area public companies should revisit is their disclosure controls and procedures to ensure that those procedures adequately address reporting up cybersecurity risks and incidents. In addition, many public company boards of directors are starting to rethink risk oversight in this area and, as companies seek new directors to join their boards, experience in overseeing cybersecurity risks may become a highly sought attribute. Companies that want to ensure better cybersecurity risk oversight at the board level should consider revising their annual board evaluations and director questionnaires in this regard.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
