26 February 2018
On February 21, 2018, the Securities and Exchange Commission issued a statement and interpretive guidance (the "Guidance") to assist issuers in preparing disclosures regarding cybersecurity risks and incidents. Following the Guidance, issuers should expect enhanced scrutiny of their cybersecurity related disclosures and policies and procedures. As a result, issuers should take steps to enhance their current practices. The Guidance stresses the importance of sufficient cybersecurity policies and procedures and emphasizes the risk of insider trading based on the possession of material non-public information about cybersecurity incidents or risks. Although the Guidance was supported by the full Commission, the two Democrat appointees voiced concern that it did not go far enough.
The Securities and Exchange Commission Issues New Cybersecurity Disclosure Guidance