SEC interpretive guidance intended to help public companies prepare disclosure statements about cybersecurity risks and incidents was published in the Federal Register.
In the guidance (previously covered here), the SEC outlined various rules and requirements that may obligate companies to disclose cybersecurity-related information. The SEC also addressed two new topics: (i) the importance of cybersecurity policies and procedures, and (ii) the application of insider trading prohibitions in the cybersecurity context. The SEC urged companies to be vigilant with regard to insider trading laws in connection with cyber vulnerabilities and breaches.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.