CLEVELAND, Feb. 28, 2012 /PRNewswire/ -- The Securities and Exchange Commission has put public companies on notice of the significant risks relating to cybersecurity and has indicated that unmitigated exposure to cyber incidents should not be ignored in public disclosures. The SEC's Division of Corporate Finance issued a Disclosure Guidance (Guidance) addressing disclosure obligations related to cybersecurity risks and cyber incidents.
The SEC does not often target such a specific area of corporate vulnerability for disclosure, but the move is not all that surprising in light of the increased frequency and severity of cyber incidents resulting in extraordinary costs to public companies and their shareholders. Although not a rule or a regulation, the Guidance clearly states the SEC's position that several existing disclosure requirements already impose an obligation on public companies to disclose certain cybersecurity risks and cyber incidents, just as a company would need to with any other significant operational or financial risk.
Existing disclosure requirements
The Guidance highlights the following five specific disclosure obligations that may require the inclusion of cybersecurity risks and cyber incidents:
Click below to read the McDonald Hopkins Law Firm Alert: In a rare move, SEC issues guidance on cybersecurity risks
For more information, please contact:
James J. Giszczak
Sean T. O'Brien
About McDonald Hopkins
McDonald Hopkins is a business advisory and advocacy law firm with offices in Chicago, Cleveland, Columbus, Detroit, Miami, and West Palm Beach. The president of McDonald Hopkins is Carl J. Grassi. www.mcdonaldhopkins.com.
Deborah W. Kelm
McDonald Hopkins LLC
Available Topic Expert(s): For information on the listed expert(s), click appropriate link.
James J. Giszczak
SOURCE McDonald Hopkins LLC