SEC Guidance Requires Cybersecurity Risks Must Be Disclosed

The United State Securities and Exchange Commission (SEC)
released a new guidance on cybersecurity last month, stating that cybersecurity
risks must now be disclosed. In the past, the SEC has required publicly traded
companies to disclose material risks and events information that would be
pertinent for a person to know before investing in the company.

But before this new guidance, it was not clearly stated that
cybersecurity information was to be included in this information. According to
an article in the Washington
, This SEC guidance is critical because it allows market participants
to weigh cybersecurity as an investment factor. It is generally understood that
disclosing material breaches such as the significant loss of a companys
intellectual property will affect the value of a company, because existing or
potential investors will reconsider their investment decisions. Without
detailed public information about these events, investors are unaware of the
risks to which companies are exposed. And without pressure from investors,
corporate officers are less likely to change their risk-management practices.

So now, a company must be upfront about any problems they
have had as a result of poor fraud
prevention tools

According to the guidance, failing fraud prevention
, which result in cybersecurity issues, can result in:

  • Remediation
    costs that may include liability for stolen assets or information and
    repairing system damage that may have been caused. Remediation costs may
    also include incentives offered to customers or other business partners in
    an effort to maintain the business relationships after an attack;
  • Increased
    cybersecurity protection costs that may include organizational changes,
    deploying additional personnel and protection technologies, training
    employees, and engaging third party experts and consultants;
  • Lost
    revenues resulting from unauthorized use of proprietary information or the
    failure to retain or attract customers following an attack;
  • Litigation;
  • Reputational
    damage adversely affecting customer or investor confidence.

Explore more articles