Lexology


Cybersecurity Disclosures for Reporting Companies

Bryan Cave Leighton Paisner (Bryan Cave)


USA May 29 2018

In our most recent Bryan Cave CLE Seminar “Current Issues Facing Public Companies,” Brendan Johnson presented on the disclosure obligations for reporting companies as they relate to cybersecurity and cyberattacks, sharing three takeaways for reporting companies: (1) evaluate the risks of cyberattacks; (2) understand evolving SEC guidance related to cyber disclosures; and (3) plan ahead for disclosure analysis in the event of a cyber incident. These takeaways are all the more relevant in light of the SEC’s February 21, 2018 guidance for public companies on cybersecurity.

Evaluate the Risks. In a statement issued on September 20, 2017 and reiterated in the February 2018 guidance, Chairman Jay Clayton outlined the risks of cyberattacks, including denials of service and destruction of systems (which can impede important market functionalities), loss or exposure of consumer data, theft of intellectual property, and regulatory, reputational and litigation risks. He underscored the fact that remediation costs are increasing. Companies should consider all of these risks and related potential costs as they assess whether they are likely to meet the “materiality” threshold warranting disclosure – both in advance of an incident and in the event of an incident.

Understand Evolving SEC Guidance. On February 21, 2018 the SEC released its most recent statements on cybersecurity issues for public companies. Much like Chairman Clayton’s September 2017 statement, the SEC stated that this new guidance on public company cybersecurity disclosures reinforces and expands upon the continuing relevance of CF Disclosure Guidance: Topic No. 2, released by the SEC on October 13, 2011 in connection with cybersecurity disclosures. Companies were reminded to review and provide appropriate risk factor disclosures and business descriptions which reflect the particular cyber risks and profile of the company. The February 2018 guidance also focused on the importance of maintaining disclosure controls and procedures which include cybersecurity information to ensure timely reporting of material information and the requirement that reporting companies consider insider trading policies and prohibitions in the event of a cyber incident. The February 2018 guidance also referenced the risk management responsibilities of boards of directors and the related disclosure requirements of Item 407(h) of Regulation S‑K.  

Plan Ahead. Given the prevalence of cyberattacks, companies should anticipate a cybersecurity event and game plan the response in terms of disclosure. A cybersecurity event is not an enumerated trigger for a Form 8‑K filing; however, a company could report such an event under Item 7.01 as “Regulation FD Disclosure” or Item 8.01 as an “Other Event.” Furthermore, both the New York Stock Exchange and the NASDAQ require companies to report material news to the market on a timely basis, which may include information regarding cyber incidents. There is plenty of room, nevertheless, for a company to determine in good faith that a specific cybersecurity event does not require separate disclosure, and companies should consider advantages and disadvantages of early disclosure when determining how and when to disclose. All public companies with material cybersecurity risks should have a plan in place for appropriate analysis with the appropriate decision makers well in advance of a cyber incident. 

Bryan Cave Leighton Paisner (Bryan Cave) - La-Dawn Naegle
