SEC Pushes For Disclosure Of Business Risk Profiles And Attack Details

The U.S. Securities and Exchange Commission (SEC) released guidance to public corporations on Thursday, urging better disclosure when it comes to security incidents, and investment risks. The recommendations originated from the Corporation Finance division of the SEC, which looks after investors and ensures they’re properly informed of all investment related details. While there are no disclosure requirements on the books that mention cybersecurity, registered companies “should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky,” the SEC’s recommendations explain. “In determining whether risk factor disclosure is required, we expect registrants to evaluate their cybersecurity risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents. As part of this evaluation, registrants should consider the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption.”  http://www.thetechherald.com/article.php/201141/7729/SEC-pushes-for-disclose-of-business-risk-profiles-and-attack-details

Advertisements
  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: