The Securities and Exchange Commission has issued a Guidance Document setting forth suggested cyber-security disclosures for public companies issuing quarterly and annual reports and other mandatory disclosures in connection with certain equity and debt offerings. This Guidance is not a new disclosure requirement -- rather, this document offers guidance on how existing disclosure obligations apply to cyber-security risks. This Guidance Document may cause many companies to re-evaluate their approach to disclosing cyber-security risks. Significant recommendations include the following:
Specifically, the SEC Guidance Document recommended the following disclosures in annual and quarterly reports and other mandatory disclosure documents:
It is important to note that the guidance is not a rule, regulation, or statement of the SEC, and the SEC has not approved or disapproved its content. Balancing disclosure and non-disclosure, even without this Guidance, can be tricky following a cyber-security event. Many times there are instances when disclosure is not advisable or permitted, such as when law enforcement is involved and disclosure will impede the success of the investigation. Or, an organization may want to complete a complicated forensics investigation to learn all of the details surrounding the breach before advising the world that an event has occurred.
If you have any questions about the material presented in this alert or how your business may be affected, please contact the primary authors of this alert or your regular Baker Hostetler contact.
Authorship Credit: Jerry Ferguson, Ted Kobus and Craig Hoffman
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2011 Baker & Hostetler LLP