New SEC Rules on Cyber and Data Security Forthcoming

The SEC is mulling over requiring disclosures by publicly traded companies concerning data security and data breaches. 

This should come at no suprise as in 2011, the Corporate Fiannce Division issued guidance on disclosing data security and data breaches in CF Disclosure Guidance: Topic No. 2, Cybersecurity, Oct. 13, 2011.

What’s the SEC considering risk factors that need to be disclosed?

•  if the risk of data breaches would make an investment in the business risky or speculative AND
• including the potential cost of any breach.

SEC is serious too. It is issuing comment letters based on the current guidance and imposing fines.  The Recorder