SEC Issues Cybersecurity Risk Guidance for Companies
The SEC adopted interpretive guidance to help companies prepare disclosures about cybersecurity risks and incidents, the agency said Wednesday. Chairman Jay Clayton said the guidance highlights federal securities laws' disclosure requirements and the importance of policies and procedures for disclosure controls. He said the aim of the guidance is "clearer and more robust disclosure by companies" about cybersecurity risks, giving investors more complete information. The commission said it's not suggesting companies must make detailed disclosures such as specific technical information about their systems or potential system vulnerabilities, but they should disclose incidents and risks material to investors, including financial, legal or reputational consequences. The agency said companies might need to disclose previous or ongoing incidents to put risk discussions in context.