In the wake of the cyber attacks experienced by a number of large companies in recent months, including Citi, Google and Sony, the Securities and Exchange Commission's Division of Corporation Finance provided companies with guidelines last month for disclosing cyber risks and cyber attacks.

Companies should disclose cyber risks and cyber incidents if the information would be important to an investor's decision about the company, according to the guidance. It goes on to detail the various parts of SEC filings where such information might be included.

Alan Charles Raul, a partner who heads the privacy, data security and information law practice at Sidley Austin, says SEC rules already mandate that companies make such disclosures. "The legal requirements are the existing legal requirements," Raul says.


© 2024 ALM Global, LLC, All Rights Reserved.