Client Alert
In 2011, the SEC staff issued guidance regarding disclosure obligations relating to cybersecurity risks and incidents, which indicated that, although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, companies nonetheless may be obligated to disclose such risks and incidents. After issuing that guidance, the SEC noted that many companies included additional cybersecurity disclosure, typically in the form of risk factors.

Today, in light of the increasing significance of cybersecurity incidents, the SEC published a press release and additional Commission-level guidance, which reinforces and expands upon the SEC staff guidance provided in 2011 and addresses two additional topics:

  1. The importance of establishing and maintaining appropriate and effective disclosure controls and procedures to make accurate and timely disclosures of material cybersecurity events.
  2. The application of insider trading prohibitions in the cybersecurity context, including the obligation to refrain from making selective disclosures of material nonpublic information about cybersecurity risks or incidents.

Related Practices

We have always been focused on finance.

  • 1913
    TS Chapman partners with Henry Cutler to form Chapman and Cutler
  • 1st
    Chapman's first client in 1913 is still a client of the firm today
  • 22
    Diverse financial practices serving regional, national, and global clients
  • 6
    Offices across the country and in key US financial centers

We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Privacy Policy. By using this website you agree to our use of cookies.