On February 20, 2018, the SEC issued interpretive guidance to further assist public companies in preparing disclosures and crafting policies and procedures for reporting, risk management, and preventing insider trading in relation to cybersecurity risks and incidents. The SEC highlighted the need for public companies to have appropriate disclosure controls and procedures for escalation of cybersecurity risks and incidents to disclosure decision-makers, as well as policies and procedures to prevent insider trading on, and selective disclosure of, cybersecurity information.