As part of this website’s efforts to educate our readers about this October being National Cyber Security Awareness Month (NCSAM), and to support NCSAM’s theme of Week 3 of this month – e.g. to focus our attention on national and local efforts to prevent identity theft and other cybercrimes — our staff has organized some additional content and comments regarding the recent release by the Securities and Exchange Commission (SEC) of a cyber security related guidance document.
This document is entitled “CF Disclosure Guidance: Topic No. 2” and provides the SEC’s Division of Corporation Finance’s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.
This SEC guidance clarifies a long-standing requirement that companies report “material” developments, or matters significant enough that an investor would want to know about them. The guidance spells out that cyber-attacks are no exception.
Read more of what others have to say about this SEC guidance document release below:
“SEC Issues Guidance Concerning Cyber Security Incident Disclosure” by David Navetta
“SEC Issues First-Ever Guidance on Disclosure to Investors of Cybersecurity Risk” by Christopher Wolf
“SEC Guidance on Cybersecurity Aims to Keep Investors Informed” by Catherine Dunn
“Cybersecurity: SEC Outlines Requirement that Companies Report Cyber Theft and Attack” by Ellen Nakashima and David S. Hilzenrath
Click here to read the actual guidance document.
If applicable, please pass this information along to those business continuity, risk management and PS-Prep strategy planning team members in your organization.
Note: October 2011 marks the eighth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). See the DHS National Cyber Security Awareness Month website for more information, including suggestions for what else you can do.