One can only hope that the recently uncovered data breach at Uber—which exposed the data of more than 50 million individuals and involved a company-authorized hush payment of $100,000 to the hackers—was, to borrow a term, a unicorn. Colorful (and possibly criminal) details aside, the Uber breach is just the latest in a series of high-profile hacks this year, which collectively call into question the SEC’s effectiveness in policing cyber-risk disclosures. This proxy season may provide some answers, as the panelists on an Intelligize webinar will discuss (details below).
Having been victimized by its own breach announced this past September, the SEC may not be in the best position to play authority on cybersecurity. Nonetheless, the agency’s recent focus on cybersecurity, among other tea leaves, suggest that more is coming on disclosure requirements.
Even before assuming the chairmanship of the SEC in May 2017, Jay Clayton had been an outspoken proponent of robust cyber-related disclosures. “Issuers should consider whether their publicly filed reports adequately disclose information about their risk management governance and cybersecurity risks, in light of . . . current and evolving cyber threats,” he said in a September 2017 statement.
Current regulations, it seems, lack the clarity of the chairman’s rhetoric. It’s understood that a significant cyberbreach must be included under Item 8.01 of Form 8-K; beyond that, however, issuers have complained that the agency’s guidance remains murky. Meanwhile, recent comments made by William Hinman, director of the SEC’s Division of Corporation Finance, affirm that the SEC will soon issue new guidance around cybersecurity risk factor disclosure. No one expects the SEC to put an end to data breaches altogether, but these factors—along with the intensifying severity of data breaches—make some form of SEC action to increase transparency on cyber-risk feel imminent.
How will these cyber issues impact the 2018 filing season? In an upcoming webinar – moderated by Intelligize’s Marc Butler – a panel of experts will discuss:
- How incident response has evolved with the increase in cybersecurity events;
- What others in the industry are doing in regard to cyber liability insurance;
- Timing of disclosure in periodic reports, when should you disclose and how much do you report; and
- What is the litigation path beginning to look like? What to expect?
The event will take place December 6. Our panelists are: Daimon Geopfert, a principal with the risk advisory services group at RSM; Frances Goins, co-chair of Ulmer & Berne’s Data Privacy & Information Security group and the firm’s Financial Services & Securities Litigation group; Craig A. Newman, partner and head of the Privacy & Data Security practice at Patterson Belknap Webb & Tyler; and Judy Selby, principal of Judy Selby Consulting and a former partner at BakerHostetler.
To register for the complimentary 45-minute event, click here.