On March 26, 2014, as we have previously blogged, the SEC hosted a cybersecurity roundtable to address the growing “cyber-threat” faced by public companies and other capital markets participants. The roundtable included four panels that discussed the cybersecurity landscape, public company disclosure, as well as market systems and participants (for an overview of the panels, see cybersecuritylawwatch.com).
SEC Chair White noted in her introductory remarks to the roundtable that cyber threats pose non-discriminating risks across our economy to all critical infrastructures, including financial markets, banks, intellectual property, and private consumer data (i.e., no company can be immune to such threats). Chair White also pointed out that the current SEC guidance on this topic (CF Disclosure Guidance: Topic No. 2, Cybersecurity) provides that material information concerning cybersecurity risks and cyber incidents must be disclosed in SEC filings.
SEC Commissioner Aguilar noted that the SEC’s informal disclosure guidance regarding cybersecurity helped investors and public companies to assess cybersecurity issues and questioned whether the SEC should be doing more to ensure the proper functioning of the capital markets and the protection of investors. The Commissioner suggested that the SEC should establish a Cybersecurity Task Force composed of representatives from each SEC division that will discuss these issues and advise the SEC as appropriate.