New SEC Cybersecurity Guidance: Focus on Governance
View Client Update
Key takeaways
- The SEC’s newly issued Guidance makes clear that public companies must have appropriate and effective disclosure controls and procedures to make accurate and timely disclosures of material events related to cybersecurity.
- The Guidance also encourages companies to consider how their policies, procedures, and controls prevent trading on the basis of nonpublic information related to cybersecurity risks and incidents.
- Although the Guidance does not introduce novel concepts and expectations, companies should assess and, as appropriate, revise their existing disclosure policies, controls and procedures to ensure that they effectively address cyber-related matters.