Sec Cybersecurity Guidance 2011

As an sec interpretation the guidance carries the highest level of authority and reinforce es and expand s upon the prior staff guidance that the sec staff issued in october 2011 staff guidance which we discussed in a previous lawflash.

Sec cybersecurity guidance 2011. This lawflash discusses some of the key components contained in the new guidance. The document established that. The sec provides cybersecurity guidance to help broker dealers investment advisers investment companies exchanges and other market participants protect their customers from cyber threats. 1 the guidance which is effective immediately applies to domestic and non us sec registrants.

October 13 2011 summary. Since that time the sec has held a roundtable on the topic and reflected to some extent cyber risk in some of its rulemakings. Jay rockefeller then the chairman of the senate commerce committee the sec s division of corporation finance issued guidance on companies disclosure obligations relating to cybersecurity risks and cyber incidents. The new guidance does not change any of the sec s rules.

On october 13 2011 the securities and exchange commission s sec division of corporation finance issued guidance on disclosure obligations relating to cybersecurity risks and cyber incidents. This guidance reinforces and expands the guidance issued by the sec staff in 2011. Sec supplements 2011 cybersecurity disclosure guidance february 28 2018 on february 21 2018 the securities and exchange commission issued a public statement to clarify reinforce and expand the division of corporation finance s influential 2011 guidance for public disclosure obligations with respect to cybersecurity risk and incidents. Division of corporation finance securities and exchange commission cf disclosure guidance.

This guidance provides the division of corporation finance s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents. On february 21 the sec issued interpretive guidance to assist in the preparation of cybersecurity risks and incidents disclosures. The sec s cybersecurity foray in 2011 at the urging of sen. We note the last formal guidance from the sec or its staff on cyber risk was published in 2011.

The commission continues to recognize that companies are not required to include disclosures that would provide a roadmap for how to breach a company s security protections. In october 2011 the division of corporation finance the division issued guidance that provided the division s views regarding disclosure obligations relating to cybersecurity risks and incidents.