Moreover, the statement also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet.
The guidance was issued as an “interpretive release,” which the SEC uses to publish their views and interpret federal securities laws and SEC regulations. In it, the commission urged companies to develop policies that allow them to quickly assess cybersecurity risks and decide when to tell the public, and also prevent executives, board members and other corporate insiders from trading shares when they have important information that hasn’t been released yet.
According to TechCrunch, the SEC’s new guidance doesn’t mention specific incidents, but it comes about five months after the massive Equifax data breach, which compromised the personal information of about 145.5 million people.
The SEC added that even though companies are not required to reveal sensitive information that could compromise their cybersecurity measures, they also cannot use internal or law enforcement investigations as an excuse for not informing the public.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now