In this new memo: "Between a Rock and a Hard Place: SEC Disclosure Analysis in Light of Yahoo Settlement," McGuire Woods suggests a framework - and series of factors - companies should consider in a post-breach disclosure analysis to satisfy the standards the SEC effectively articulated in the recently-announced settlement with Yahoo (reported on here: see "Yahoo").
The firm observes that, although the SEC's Order focuses on a failure to timely disclose a material breach, the failure to conduct a proper breach disclosure analysis may itself demonstrate a lack of judgment that can be equally problematic in triggering an enforcement action. The instructive memo identifies and explains key factors relevant to determining the materiality of the breach, whom to inform, and when and how to disclose.
Access numerous additional resources on our Cybersecurity page.