Statement on Cybersecurity Interpretive Guidance

Jay Clayton is Chairman of the U.S. Securities and Exchange Commission. This post is based on Chairman Clayton’s recent remarks concerning the SEC Cybersecurity Interpretive Guidance, available here. The views expressed in this post are those of Mr. Clayton and do not necessarily reflect those of the Securities and Exchange Commission or its staff.

Yesterday [Feb. 20, 2018], the Commission approved the issuance of an interpretive release to provide guidance to public companies when preparing disclosures about cybersecurity risks and incidents. The release also communicates the Commission’s views on the importance of maintaining comprehensive policies and procedures related to cybersecurity risks and incidents.

In today’s environment, cybersecurity is critical to the operations of companies and our markets. Companies increasingly rely on and are exposed to digital technology as they conduct their business operations and engage with their customers, business partners, and other constituencies. This reliance on and exposure to our digitally-connected world presents ongoing risks and threats of cybersecurity incidents for all companies, including public companies regulated by the Commission. Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion.

In 2011, the Division of Corporation Finance issued guidance that provided the Division’s views regarding disclosure obligations that relate to cybersecurity risks and incidents. Yesterday, the Commission voted to provide guidance to public companies that reinforces and expands the Division’s prior guidance. The guidance highlights the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents. It also addresses the importance of policies and procedures related to disclosure controls and procedures, insider trading, and selective disclosures. I believe that providing the Commission’s views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors. In particular, I urge public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives.

There is no doubt that the cybersecurity landscape and the risks associated with it continue to evolve. I have asked the Division of Corporation Finance to continue to carefully monitor cybersecurity disclosures as part of their selective filing reviews. We will continue to evaluate developments in this area and consider feedback about whether any further guidance or rules are needed.

Trackbacks are closed, but you can post a comment.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  • Subscribe or Follow

  • Cosponsored By:

  • Supported By:

  • Programs Faculty & Senior Fellows

    Lucian Bebchuk
    Alon Brav
    Robert Charles Clark
    John Coates
    Alma Cohen
    Stephen M. Davis
    Allen Ferrell
    Jesse Fried
    Oliver Hart
    Ben W. Heineman, Jr.
    Scott Hirst
    Howell Jackson
    Wei Jiang
    Reinier Kraakman
    Robert Pozen
    Mark Ramseyer
    Mark Roe
    Robert Sitkoff
    Holger Spamann
    Guhan Subramanian

  • Program on Corporate Governance Advisory Board

    William Ackman
    Peter Atkins
    Allison Bennington
    Richard Brand
    Daniel Burch
    Jesse Cohn
    Joan Conley
    Isaac Corré
    Arthur Crozier
    Ariel Deckelbaum
    Deb DeHaas
    John Finley
    Stephen Fraidin
    Byron Georgiou
    Joseph Hall
    Jason M. Halper
    Paul Hilal
    Carl Icahn
    Jack B. Jacobs
    Paula Loop
    David Millstone
    Theodore Mirvis
    Toby Myerson
    Morton Pierce
    Barry Rosenstein
    Paul Rowe
    Marc Trevino
    Adam Weinstein
    Daniel Wolf