Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler said in a speech to a virtual securities conference at Northwestern Pritzker School of Law that he has asked SEC staff to make recommendations regarding companies’ cybersecurity practices and risk disclosures. Gensler also indicated that he will also be considering whether companies should update disclosures to investors when cyber events occur.

“Cybersecurity is an emerging risk with which public issuers increasingly must contend,” Gensler said. “A lot of issuers already provide cyber risk disclosure to investors. I think companies and investors alike would benefit if this information were presented in a consistent, comparable, and decision-useful manner.”

Public (or soon-to-be-public) companies should pay close attention to data privacy and cybersecurity issues and boards should be prepared to discuss company policies and procedures and engage with management on these enterprise risk issues.

We discuss cybersecurity disclosures in preparation for 2021 Fiscal Year-End SEC filings and 2022 annual shareholder meetings in our annual memorandum available here.