"SEC Staff Comments on Chegg’s Data Breach Disclosure and Response; A Real Life Example" from Bass Berry & Sims uses a robust Form 10-K comment letter exchange between SEC staff and Chegg, Inc. to illustrate the company's approach to cyber incident disclosure based on the SEC's 2018 interpretive guidance and Corp Fin's 2011 guidance on cybersecurity disclosure. While each cyber incident stands on its own facts and thus no particular comment exchange can be replicated, the company's overall approach and the facts and considerations used to support its disclosures are broadly instructive for other companies.
See our additional cybersecurity reports in the February 26 Society Alert and these recent reports: "Cybersecurity: Proxy & 10-K Disclosures" and "Cybersecurity Disclosure Committee," and access additional resources on our Cybersecurity/Data Privacy page. This post first appeared in the weekly Society Alert!