The SEC sent a clear reminder to public companies grappling with cyber-attacks that information concerning cyber vulnerabilities and remediation needs to be shared and considered by those responsible for public disclosures. In particular, the SEC alleged that senior executives responsible for making public statements about a specific cyber vulnerability were not told that security personnel had identified the vulnerability several months earlier, but had failed to remediate it in accordance with the company’s policies. The SEC commenced and settled an enforcement action imposing a fine of approximately $500,000, and finding that the public company failed to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning the vulnerabilities was analyzed for disclosure in the company’s public statements. Please take the time to ensure that your public company is including relevant cyber-related information as part of its disclosure control process.
| less than a minute read
Reposted from Linklaters - Americas Insights
SEC Charges Issuer With Cybersecurity Disclosure Controls Failures
"Unbeknownst to these senior executives, the company’s information security personnel had been aware of the vulnerability for months and the company’s information technology personnel did not remediate it, leaving millions of document images exposed to potential unauthorized access for months."
Subscribe to our Tech Insights blog for insights, updates and news from our experts - subscribe now!
We are pleased to launch our Tech Legal Outlook 2025 which explores key global trends and legal developments in the tech sector. 2025...