On February 21, the Securities and Exchange Commission released updated interpretive guidance on cybersecurity disclosure, reaffirming staff guidance issued in 2011, providing more detailed guidance on disclosure of cybersecurity risks and incidents, advising companies to ensure that their disclosure controls and procedures take account of cybersecurity risks and noting the implications of cybersecurity incidents for insider trading prohibitions and Regulation FD compliance. The interpretive guidance lends the Commission’s imprimatur to the previously issued staff guidance and underscores the importance for a company to be attuned to securities law obligations when responding to or managing for cyber risks and incidents.


This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.