ARTICLE

To print this article, all you need is to be registered or login on Mondaq.com.

This practice note provides guidance on the disclosure of cybersecurity risks and incidents that public companies should include in their offering materials and periodic reports filed with the Securities and Exchange Commission (SEC). The practice note explains the SEC's focus and rulemaking activities on cybersecurity issues, such as the 2018 interpretive guidance on disclosing material cybersecurity risks and incidents, and the 2023 final rules on enhancing and standardizing cybersecurity disclosure. The practice note also discusses some examples of cybersecurity-related disclosures in different sections of the documents, such as the risk factors, business, and management's discussion and analysis (MD&A) sections. The examples highlight how companies may provide detailed and specific information on the nature and magnitude of cybersecurity risks or prior incidents, the actual or potential harms and costs of a cyber breach, the legal and regulatory requirements and implications, and the policies and procedures to address cybersecurity issues. Finally, the practice note offers some practical advice on how to prepare and enhance the required disclosures on cybersecurity risks and incidents, taking into account the materiality, completeness, and accuracy of the information, as well as the balance between providing sufficient details and safeguarding sensitive information.

Downloads – Download Document

Visit us at mayerbrown.com

Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.

© Copyright 2023. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.