By: George M. Wilson, SEC Institute<\/p>\n
Cybersecurity risk is an important \u201chot topic\u201d in period-end reporting. In our workshops we sometimes find that many people are not aware that the SEC has issued guidance about cybersecurity disclosures<\/strong>.<\/p>\n <\/p>\n As a period-end reporting reminder<\/strong>, don\u2019t forget to review CorpFin Disclosure Guidance Topic 2<\/u><\/a> as you address cybersecurity risk. The SEC, both at the staff and Commission level, have recently reiterated that they believe this guidance from 2011 is on-point for disclosure in the current environment. There have been some discussions about whether to move this from a CorpFin document to a more official Commission Release, but there has been no formal activity to date.<\/p>\n <\/p>\n As you read the Disclosure Guidance Topic<\/u><\/a> you will see it suggests that you should tailor information to your circumstances. Disclosure in Risk Factors (likely applicable for almost all companies!) is one issue, but disclosure may also be relevant in the Description of the Business, Legal Proceedings, MD&A and the Financials Statements.<\/p>\n <\/p>\n Another reminder, Chairman Clayton\u2019s remarks about cybersecurity risk<\/u><\/a> also provide valuable insight into making appropriate disclosures in this complex area.<\/p>\n <\/p>\n And, as a last thought, PLI is presenting a One-Hour Briefing titled\u00a0\u201cIntegrating Enterprise Risk Management, Cybersecurity and Compliance in an Era of Big Data Breaches and Vulnerability<\/u><\/a>\u201d on February 13, 2018.<\/p>\n <\/p>\n As always, your thoughts and comments are welcome!<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" By: George M. Wilson, SEC Institute Cybersecurity risk is an important \u201chot topic\u201d in period-end reporting. In our workshops we sometimes find that many people are not aware that the SEC has issued guidance about cybersecurity disclosures. As a period-end reporting reminder, don\u2019t forget to review CorpFin Disclosure Guidance Topic 2 as you address … Continue reading Cybersecurity \u2013 The SEC\u2019s Official Guidance<\/span>