A Collaboration with the University of Pittsburgh

SEC issues guidance on reporting cybersecurity breaches

[JURIST] The Securities and Exchange Commission (SEC) [official website] a statement and guidance [official document] on Wednesday warning public companies of their obligation to disclose cybersecurity breaches or threats.

The SEC said that, "Given the frequency, magnitude and cost of cybersecurity incidents, the commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion." The SEC made it apparent that companies do not have to disclose the details of cybersecurity as to make their company even more vulnerable to attack, but if a company is particularly susceptible to an attack, it should be reported.

The statement said that companies are obligated to disclose certain cyber-security breaches in a timely fashion under the Securities Act of 1933 and the Securities Exchange Act of 1934. These acts require companies to report on a variety of information.

The guidance warned companies they must disclose "material" information that investors should be aware, i.e. a security breach or likelihood of a breach. The guidance stated that companies should enact policies and procedures to protect against insider trading before the information becomes public, and the ensure that these breaches are disclosed to the SEC.

About Paper Chase

Paper Chase is JURIST's real-time legal news service, powered by a team of 30 law student reporters and editors led by law professor Bernard Hibbitts at the University of Pittsburgh School of Law. As an educational service, Paper Chase is dedicated to presenting important legal news and materials rapidly, objectively and intelligibly in an accessible format.

© Copyright JURIST Legal News and Research Services, Inc., 2013.