SEC Guidance on Cyber Attack Disclosure: A Game Changer?

Virus Detection

Virus Detection

Companies have struggled with how and what to disclose and how to account for their real and potential cyber exposures. With little uniformity and much confusion, recent guidance for public companies from the U.S. Securities and Exchange Commission (SEC) is welcome.

Executive Risks Alert: Radical New Cyber Exposure Disclosure Guidance for Public Companies

Read more in our Executive Risks Alert: Radical New Cyber Exposure Disclosure Guidance for Public Companies (PDF)

However, the content of that guidance, and the extensive specific information detailed, will be considered controversial by many, not least as it applies to both pre-attack exposure measurements and post-attack accounting. Coming from the department within the SEC that reviews and approves public company annual reports, the “guidance” may be viewed as more of a requirement than a gentle suggestion.

With annual report season almost upon us for many public companies, the time to review, assess and respond to the new guidance is: now!

Our four-page ER Alert discusses the implications in greater detail.

About Ann Longmore

Ann is Executive Vice President of Willis' Executive Risks practice. Based in New York, she has been with the compa…
Categories: Cyber Risk, Directors & Officers | Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>