We have previously blogged about March 26 SEC cybersecurity roundtable and the SEC paying close attention to cybersecurity issues, especially on the heels of the cybersecurity breaches faced by Target and other retailers. On March 19, 2014, the SEC issued a notice about the coming cybersecurity roundtable shedding light on the topics that will be discussed at the roundtable.
The panelists will have a well-rounded discussion of the cybersecurity issues faced by different constituencies, including:
- exchanges and other key market systems;
- investment advisers;
- transfer agents; and
- public companies.
Panelists will also be invited to discuss industry and public-private sector coordination efforts relating to assessing and responding to cybersecurity issues.
This roundtable discussion will be very timely. On March 14, 2014, Target filed its Annual Report on Form 10-K, which reads as Exhibit A to the SEC’s 2011 guidance on cybersecurity disclosures (CF Disclosure Guidance: Topic No. 2, Cybersecurity). Among other disclosures, the company beefed up the risk factors to talk about its data breach and included a detailed discussion of the ramifications of this breach into its “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”
Some details of Target’s disclosure are quite interesting. As a result of the data breach, Target recorded $61 million of pretax data breach-related expenses, some of which may be offset by its network-security insurance coverage. Such expenses include costs to investigate the data breach, provide credit-monitoring services to its customers, increase staffing in its call centers, and procure legal and other professional services. More than 80 actions have been filed and other claims may be asserted against Target on behalf of its customers, payment card issuing banks, shareholders or others seeking relief in connection with the data breach. In addition, State Attorneys General, the Federal Trade Commission and the SEC are investigating events related to the data breach. Probably, one of the most important ramifications is the effect of the data breach on sales as Target believes that the data breach adversely affected its fourth quarter U.S. Segment sales.