In a letter responding to a request by Senator Jay Rockefeller (D-WV), Chairman of the Senate Commerce Committee, Chairman Mary Jo White of the U.S. Securities and Exchange Commission (SEC) stated that she has asked her staff for a briefing on the efficacy of the SEC’s 2011 staff guidance on Cybersecurity disclosures, overall compliance with the guidance and any recommendations regarding further guidance in the area of cybersecurity. The 2011 staff guidance urges public companies to disclose in their SEC filings descriptions of specific cybersecurity threats faced by the companies and the steps they are taking to mitigate them.

Sen. Rockefeller had written to White on April 9 to ask the just-confirmed SEC Chair to “elevate” the 2011 guidance and issue it at the Commission level as well. In his letter, Rockefeller posited that the staff guidance had had a positive impact on information available to investors, but “the disclosures are generally still insufficient for investors to discern the true costs and benefits of companies’ cybersecurity practices.”