Navigating The SEC’s Cybersecurity Guidance

From: Dentons

Article by Andy Roth, Javier Ortiz and Andy Blair

The Securities and Exchange Commission has joined a growing number of regulatory agencies in expressing interest in cybersecurity issues. As the foremost regulator of public companies, the SEC has a broad jurisdictional reach and enforcement powers that many other agencies lack. While no detailed regulations have been enacted, the SEC has issued guidance noting that cybersecurity issues should be disclosed as risk factors to the extent they are significant under Regulation S-K.

However, many organizations lack the procedural and technical frameworks necessary to identify key information assets and significant risks to the organization that should be disclosed under Regulation S-K. This White Paper highlights the critical aspects of the SEC’s cybersecurity guidance and how directors can maintain compliance and reduce shareholder risk.

Background

Cybersecurity is an increasingly major issue affecting every element of the publicly traded markets. The value of investor holdings is directly impacted by risk affecting digital assets.

On October 13, 2011, the Division of Corporation Finance at the Securities and Exchange Commission (SEC) issued non-rule, non-regulation, non-statement guidance regarding disclosure obligations relating to cyber security risks and cyber incidents.1 The guidance notes that securities laws are designed to elicit disclosure of timely, comprehensive and accurate information about risks and events that a reasonable investor would consider important to an investment decision, and that cybersecurity risks and events are not exempt from these requirements. Disclosures of cybersecurity risks and events may also be necessary to prevent other required disclosures from being misleading.
