The latest guidance from the SEC explicitly states that companies should discuss their cyber-security measures to investors and disclose “material” security incidents. – The
Securities and Exchange Commission issued some guidelines suggesting that
companies should report cyber-incidents that may affect the bottom line.
SEC’s Corporate Finance Division issued the guidance on Oct. 12, explaining how
organizations should report any cyber-incidents that could …