Public companies received new guidance from the SEC on Wednesday, February 21, on the disclosures they should make related to cybersecurity.
The previous guidance, issued in October 2011, stated that companies may be obligated to disclose cybersecurity risks and incidents, but it did not provide specific disclosure requirements. The increasing number and severity of cybersecurity incidents has led the SEC to conclude that more specific disclosure requirements are necessary.
In an interpretation and statement issued Wednesday, the SEC stated that it expects companies to disclose cybersecurity risks and incidents that are material to investors, including financial, legal, or other related consequences.
To read about these new requirements, visit the Journal of Accountancy's post.