Last week William Hinman, the SEC’s recently appointed director of corporate finance, stated that public companies will soon face new guidelines for how they report cybersecurity breaches to investors.
A related November 16 Ignites article quoted Carter Ledyard Counsel Valentino Vasi on the potential effect on public companies of new guidelines. “More ‘bright-line’ standards can prevent the urge to ‘massage’ boardroom deliberations over what is legally — if not ethically — necessary to report,” Vasi said. “In addition, simply asking firms to disclose more information about their cyber risks may prompt some to act to address gaps in their security or system. The next step is to think about mitigating those risks through training, policies and procedures and incident response plans.”