Overview
During this webinar, Partners Stephen Reynolds and Dan Woodard and Associate Charles Darantiere discussed the new US Securities and Exchange Commission (SEC) disclosure requirements for cybersecurity incidents.
Top takeaways from the webinar include:
- When a public company experiences a cybersecurity incident, response procedures should be implemented promptly, including early communications with law enforcement.
- Disclosure on Form 8-K are not required until a materiality determination has been made; public companies should make such determination without unreasonable delay, in consultation with external advisors and law enforcement.
- Materiality determinations should involve careful consideration of both quantitative and qualitative factors, with contemporaneous documentation of such analysis.
- When providing disclosure on Form 8-K, public companies should avoid specifying metrics or facts that are subject to ongoing change to avoid misleading omissions or the creation of a duty to update.
