On 26 March 2014, the SEC held a round table discussion on cyber security-related issues, including a panel session on disclosure. The conference discussion about disclosure did not add much to a disclosure guidance from 2011 on this topic. Instead, most of the discussion revolved around what could change. Relevant points and suggestions included:
- companies would benefit from having a board member knowledgeable in cyber security issues;
- some panellists (not SEC members) suggested having a requirement to have a cyber-security committee or have the audit committee monitor cyber security issues;
- some panellists complained that companies have not been disclosing company or industry specific risks and have been using too much boiler plate;
- some panellists encouraged the SEC to provide more guidance. Others pushed back and said there is already enough guidance and companies are better positioned to determine the necessary disclosure; and
- disclosure often does not have an impact on share price but can lead to significant litigation costs as a result of frivolous law suits.
The presentation is available at: http://www.sec.gov/news/otherwebcasts/2014/cybersecurity-roundtable-032614.shtml
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
