Computerworld: The SEC’s division of corporate finance has issued new guidelines which say that publicly traded companies must disclose data about cyberattacks in certain situations. Specifically, companies will need to disclose such information “if these issues are among the most significant factors that make an investment in the company speculative or risky.”
David Navetta, a founding partner of Information Law Group, says that IT security risks have always been a potential disclosure issue, but the new guidance “really highlights the issue and brings it to the fore.”