SEC Division of Corporation Finance Issues Additional Guidance Relating to Cybersecurity Incident Disclosure
Date: 07/12/24
Recognizing the need for more clarity, Erik Gerding, Director of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”), issued statements in May and June, providing guidance relating to the SEC’s recently adopted disclosure rules about cybersecurity incidents. The new guidance clarifies that disclosure of cybersecurity incidents should only be made under Item 1.05 of Form 8-K (“Item 1.05”) if the company deems the incident to be material. Other non-material incidents may nevertheless be disclosed under Item 8.01 of Form 8-K. The new SEC guidance also reassures issuers that Regulation FD does not prohibit the private disclosure of additional incident detail beyond what is in an Item 1.05 disclosure, noting the importance of sharing such information for remediation and mitigation efforts.
CGR Memo - SEC Division of Corporation Finance Issues Additional Guidance Relating to Cybersecurity Incident Disclosure.pdf (pdf | 258.67 KB )