Earlier today, our colleagues David Engvall, Keir Gumbs, Reid Hooper, and Matthew Wood in the Securities and Capital Markets practice group posted the below article on the SEC’s new statement and interpretive guidance on public company cybersecurity disclosures and insider trading on the Cov Financial Services blog. The original article can be read here.
On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”). This guidance reinforces and expands upon previous cybersecurity disclosure guidance issued by the Division of Corporation Finance (the “Staff”) in October 2011 (the “2011 Staff Guidance”). The 2018 Commission Guidance also focuses on two additional issues: (i) maintenance of comprehensive policies and procedures related to cybersecurity, including sufficient disclosure controls and procedures, and (ii) insider trading in the cybersecurity context.