 |
|||||||||
|
|||||||||
 |
|||||||||
|
SEC Issues Guidance for Public Companies on Disclosure of Cybersecurity Risks |
|||||||||
 |
|||||||||
|
On October 13, 2011, the U.S. Securities & Exchange Commission issued a Disclosure Guidance stating that Public Companies will now have to provide disclosure to investors on Cybersecurity Risks that are deemed to be material. This Guidance being required by the SEC is in response to increased threats of Cybersecurity Attacks against a number of high profile companies. The SEC’s Guidance specifically states: “Depending on the registrant’s particular facts and circumstances, and the extent material, appropriate disclosures may include: (1) Risk Factors: “Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.” According to the document, examples of appropriate disclosures include: - Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences; - To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks; - Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences; - Risks related to cyber incidents that may remain undetected for an extended period; - Description of relevant insurance coverage. (2) MD&A: “Registrants should address cybersecurity risks and cyber incidents in their MD&A if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.” (3) Description of Business: “If one or more cyber incidents materially affect a registrant’s products, services, relationships with customers or suppliers, or competitive conditions, the registrant should provide disclosure in the registrant’s ‘Description of Business.’” (4) Legal Proceedings: “If a material pending legal proceeding to which a registrant or any of its subsidiaries is a party involves a cyber incident, the registrant may need to disclose information regarding this litigation in its “Legal Proceedings” disclosure.” (5) Financial Statement Disclosures: “Cybersecurity risks and cyber incidents may have a broad impact on a registrant’s financial statements, depending on the nature and severity of the potential or actual incident.” (6) Disclosure Controls and Procedures: “Registrants are required to disclose conclusions on the effectiveness of disclosure controls and procedures.”" It is important to note that the guidance is not a rule, regulation, or statement of the SEC, and the SEC has not approved or disapproved its content. This new Cybersecurity disclosure guidance will also raise the possibility that Regulation S-P (requiring specific data security procedures be implemented) will be more strictly enforced. This new Guidance not only increases the need for proper Cyber/Privacy Insurance Coverage; but also increases D&O risk to corporate Directors & Officers. Public Companies will now have a risk of increased litigation for plaintiff’s suing the Corporation and its Directors & Officers following a data security breach, alleging that the risks of a breach or the safeguarding of protected data were not properly assessed or disclosed. For a copy of the SEC’s new Guidance, please see the link below: |
The issuance of this guidance by the SEC reinforces the need for Cyber, Security and Privacy Liability Insurance now more than ever. Contact one of S.H. Smith & Company's cyber product experts today to learn more about our full cyber, security & privacy offerings.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
|
||||||||
 |
|||||||||
 |
|||||||||
|
For general information about S.H. Smith, feel free to contact any of our Regional Sales Managers listed below. For any region not listed, please contact our President, This e-mail address is being protected from spambots. You need JavaScript enabled to view it. or call us at (800) 356-0168. S.H. Smith & Company is a national firm, licensed to write in all 50 states.
|
|||||||||
|
|
|||||||||
