SEC Updates Public Company Disclosures Guidance for Cybersecurity Risks and Incidents

The interpretive release outlines the SEC’s views with respect to cybersecurity disclosure requirements under the federal securities laws as they apply to public operating companies. The revised guidance now includes two topics not developed in the staff’s 2011 guidance, the importance of cybersecurity policies and procedures and the application of insider trading prohibitions in the cybersecurity context. In meeting their disclosure obligations, companies may need to disclose previous or ongoing cybersecurity incidents or other past events in order to place discussions of cyber risks in the appropriate context.