In recognition of the changing cybersecurity land­scape and attendant risks to public companies, the Securities and Exchange Commission released new guidance in February on cybersecurity disclosure requirements for public companies. The guidance provides a long-overdue update to the SEC’s 2011 initial guidance on cybersecurity risk and sets out current expectations for risk disclosure by public companies which, if not heeded, could potentially result in enforcement actions, SEC comments on securities filings and/or shareholder lawsuits.

In a recent article for Bloomberg Law, Edward Normandin and Matthew Repetto assess the latest guidance and explain why public companies would be well-served to give fresh consider­ation to their cybersecurity risks and the adequacy of their current disclosure.

Read the full article here.