As the latest 10-K filing period for corporations draws to a close, the Securities and Exchange Commission (SEC) is expected to intensify its scrutiny on whether companies’ filings adequately disclose both information security breaches that occurred in the past, and the material risks due to cyber threats such companies face in the future. Since the Senate Commerce Committee focused greater attention upon corporate cybersecurity in a letter to the SEC on May 12, 2011, momentum has been building for expanded corporate disclosure of cybersecurity safeguards and security breaches. In October 2011, the SEC issued guidance that publicly traded companies have a duty to disclose “material information regarding cybersecurity risks and cyber incidents” where failure to do so would make other disclosures misleading. Recent developments both inside and outside the SEC show that corporations can expect an even brighter spotlight this year upon their cybersecurity efforts – and shortfalls. Now more than ever, publicly traded companies need to be prepared to address, whether in responses to SEC comment letters or in preparing future filings, what material risks they may have due to cyber threats and whether they have taken steps to address such risks and vulnerabilities.
Continue Reading Putting the SEC Spotlight on Corporate Cyber Risks