DLA Piper's "Breach and cyber incident reporting - disclosure challenges for public companies" summarizes the results of an Audit Analytics report on cybersecurity disclosure (available for purchase) and SEC staff comments on a number of disclosures that, collectively, engender these key takeaways:
- Disclose the occurrence of cyber incidents that are or were, individually or in the aggregate, material − including the related costs and other consequences.
- As discussed in the SEC Division of Corporation Finance cybersecurity disclosure guidance, consider not only risk factor disclosure, but also whether disclosure in appropriate for the MD&A, description of business, legal proceedings, financial statements, and/or DC&P.
Access additional information & resources on our Cybersecurity page. This post first appeared in the weekly Society Alert!