Sentences with phrase «material cybersecurity risks»

The comment notes that the SEC «has already made it clear that companies must disclose material cybersecurity risks and incidents to investors in their public filings.»

«[T] he Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion,» the report states, «including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.»

The United States Securities and Exchange Commission (SEC) recently published updated interpretative guidance concerning the duty of covered public companies to disclose certain material cybersecurity risks and incidents when filing with the SEC.

For example, in the US, the Securities and Exchange Commission has affirmed the importance of including cybersecurity processes and events in a public company's disclosure of risk factors and material events.

Staff Notice 51 - 347 Disclosure of Cyber Security Risks and Incidents describes the regulators» findings and provides guidance to issuers on disclosure of material cybersecurity information.

The report must (1) assess the confidentiality, integrity and availability of the company's Information Systems, (2) detail exceptions to the company's cybersecurity procedures and policies, (3) identify cyber risks to the company, (4) assess the effectiveness of the company's cybersecurity program, (5) propose steps to remediate any inadequacies identified in the company's cybersecurity program, and (6) include a summary of all material Cybersecurity Events that affected the company during the time period addressed bcybersecurity procedures and policies, (3) identify cyber risks to the company, (4) assess the effectiveness of the company's cybersecurity program, (5) propose steps to remediate any inadequacies identified in the company's cybersecurity program, and (6) include a summary of all material Cybersecurity Events that affected the company during the time period addressed bcybersecurity program, (5) propose steps to remediate any inadequacies identified in the company's cybersecurity program, and (6) include a summary of all material Cybersecurity Events that affected the company during the time period addressed bcybersecurity program, and (6) include a summary of all material Cybersecurity Events that affected the company during the time period addressed bCybersecurity Events that affected the company during the time period addressed by the report.

The SEC notes that «[t] o the extent cybersecurity risks are material to a company's business,» its... Continue Reading