SEC Issues Expanded Interpretive Guidance on Cybersecurity Matters: Disclosure Controls and Procedures Should Ensure Appropriate Escalation and Disclosure of Cybersecurity Risks and Incidents and Issuers Should Craft Policies and Procedures Against Insider Trading and Selective Disclosure of Non-Public Information Related to Cybersecurity Risks and Incidents

Sullivan & Cromwell LLP - February 27, 2018

On February 20, 2018, the SEC issued interpretive guidance to further assist public companies in preparing disclosures and crafting policies and procedures for reporting, risk management, and preventing insider trading in relation to cybersecurity risks and incidents.  The SEC highlighted the need for public companies to have appropriate disclosure controls and procedures for escalation of cybersecurity risks and incidents to disclosure decision-makers, as well as policies and procedures to prevent insider trading on, and selective disclosure of, cybersecurity information.