Tag: 2011 Disclosure Guidance on cybersecurity risks and incidents

SEC hack provides occasion for Chair Clayton to revitalize 2011 Corp Fin disclosure guidance on cybersecurity risks and incidents

As you probably read in the papers (see, e.g., this article from the WSJ), SEC Chair Jay Clayton announced yesterday that, in 2016, the SEC’s EDGAR system was hacked and, in August 2017, the staff determined that the hack may have led to insider trading. The hackers took advantage of “a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery….” The SEC believes “the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.  Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.” As part of his lengthy statement, Clayton addressed the cybersecurity considerations that the staff applies in the context of its review of public company disclosures.