SEC offers guidance for cyber incident disclosure

Companies that experience cyber incidents now have a better idea of when and how to report them, thanks to new guidance the Securities and Exchange Commission issued last week, InformationWeek reports.

The guidance, which was posted on the SEC's website Oct. 13, states that companies should report cybersecurity incidents when they are "among the most significant factors" that could negatively affect their operations or "make investment in the company speculative or risky," according to InformationWeek.

The SEC added that companies should also take the number, frequency and severity of any previous cyber incidents, as well as the actions they have taken to reduce their cybersecurity risk, into account in deciding on disclosure.

The guidance marks the SEC's first official policy specifically dealing with the disclosure of cyber incidents.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected