In the wake of recent notable data breaches, the United States Securities and Exchange Commission issued an interpretive release in late February designed to improve the timeliness and accuracy of public companies’ disclosures of cybersecurity risks and incidents and prevent insider trading. An “incident” for purposes of the guidance is a broader term than “breach” and includes an “occurrence that actually or potentially results in adverse consequences to” a company’s information system. As discussed in this article, the SEC’s guidance (“Guidance”) underscores concerns that all companies, regardless of size and ownership, need to take seriously to improve their cybersecurity planning and legal compliance.

Read the article here.