SEC Clarifies Guidance Regarding Cybersecurity Risks

DooKey

The SEC has issued an interpretive release that further clarifies guidance concerning disclosure of cybersecurity risks. The SEC wants companies to put policies in place that result in timely notification of breaches to the public, and better yet, policies that prevent executives from trading shares before they release information to the public. However, while all of this sounds good in theory, it's only guidance. Further, I believe enforceable rules should be put in place that mandate compliance and standards for cybersecurity and public disclosure that are more robust than what's out there now.

Given the frequency, magnitude and cost of cybersecurity incidents, the Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.
 
"including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack"

Great idea, letting everyone know that you have vulnerabilities that concern you but you haven't secured. What could possibly go wrong with that idea?
 