On February 21, the Securities and Exchange Commission (“SEC”) unanimously approved new interpretive guidance concerning public company disclosures related to cybersecurity. The updated guidance in Release No. 33-10459, Commission Statement and Guidance on Public Company Cybersecurity Disclosures, outlines the SEC’s thoughts on public companies’ disclosure requirements regarding cybersecurity risks, threats and incidents. Release No. 33-10459 also encourages public companies to implement cybersecurity policies and procedures and to apply disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions.
The SEC believes the interpretive guidance will help public companies provide more transparent and detailed disclosures about potential threats to their computer systems and networks.
Release No. 33-10459 is effective upon being published in the Federal Register.