SEC urges clearer disclosures about cybersecurity risks
The US Securities and Exchange Commission on Wednesday issued new guidance on how and when public companies should disclose cybersecurity risks and breaches.
The "interpretive guidance" document (PDF) urges informing investors of risks in a timely fashion, including vulnerabilities that have not yet been targeted by hackers. The guidance also says executives should refrain from trading in the company's stock while in possession of nonpublic information about significant cybersecurity attacks.
The commission, which unanimously approved the updated guidance, believes the document will help "promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors," SEC Chairman Jon Clayton said in a statement.