On February 21, 2018, the SEC issued new guidance on whether public companies need to provide public disclosure of a “material” cybersecurity risk or event. Although the guidance is nonbinding, it is instructive in understanding how the Commission may interpret alleged cybersecurity lapses, particularly with regard to enforcement actions in exercising its civil jurisdiction over public companies.
Read the entire Cybersecurity Law Alert written by our colleagues Jim Halpert and Rachel K. Paulose.