A slightly different take on the SEC cybersecurity disclosure guidance
The recent rash of cyber breaches at public companies and an outcry from federal lawmakers has prompted U.S. securities regulators to issue guidance for when companies must disclose cyber attacks to investors. The guidelines issued by the U.S. Securities and Exchange Commission are to help reporting companies determine whether they need to disclose the risks they face in protecting their electronic data, as well as the costs they have incurred or could incur because of cybersecurity breaches.
The increase in corporate reliance on computer networks and electronic data has brought a corresponding increase in risks associated with breaches of their security. Breaches are now more frequent and severe. Public companies and their advisors should focus greater attention on how disclosure obligations under the federal securities laws may be affected by the potential financial and operational impact of cybersecurity breaches.
Click here for the latest WGA Whitepaper outlining in detail the issues that companies and their advisors will have to consider as they determine how to respond to these new Guidelines.
About the Author
John Doernberg is a Vice President at WGA. He is responsible for developing relationships and serving as a resource for WGA clients, with a particular focus on privacy, information security and risk management issues. Before becoming an insurance broker in 1995, he practiced law for more than ten years at major firms.