SEC Issues Guidance on Disclosure Obligations Relating to Cybersecurity Risks and Cyber Incidents
11 November 2011
Mayer Brown Legal Update
On October 13, 2011, the Division of Corporation Finance of the Securities and Exchange Commission issued guidance regarding the disclosure obligations of public companies relating to cybersecurity risks and cyber incidents. The guidance seeks to balance the disclosure obligations of public companies against the potential for detailed disclosures to compromise cybersecurity efforts by providing a roadmap for those seeking to infiltrate a public company’s network security. The guidance, which is not intended to be exhaustive, focuses on six disclosure areas.