SEC cyber guidance helps corporates avoid breaches

Author: John Crabb | Published: 11 Jan 2019

Interpretive guidance issued by the Securities and Exchange Commission (SEC) in February 2018 has been effectively helping corporates to prepare disclosures and control cybersecurity risks in the 11 months since it was released. The guidance offered clarity regarding what needs to be reported, to whom, and when, and has shown that the Commission is taking the issue very seriously.

It has been clear for several years that cybersecurity issues were becoming more serious, said Sherrese Smith, partner at Paul Hastings. "There is nothing like having the SEC reiterate numerous times that a lack of internal controls or processes and policies are almost a per se issue from their perspective," she added.

"It has allowed companies to dedicate the resources and finances necessary to improve their cybersecurity practices so that they don’t have issues later on. Boards are now asking C-suites to explain what they are doing, and what controls are in place for...


 

 

close Register today to read IFLR's global coverage

Get unlimited access to IFLR.com for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice

register

*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb

register