More Cybersecurity Disclosure Urged

News Brief
April 18, 2013

By Cydney Posner

According to this Law360 article, Senator Jay Rockefeller is continuing to push the SEC for more extensive disclosure regarding cybersecurity risks. This isn't the first time that Rockefeller has raised the issue. (See my article from 6/9/11.) His previous admonition to the SEC led the staff to issue interpretive guidance regarding cyberrisks disclosure. (See my article from 10/14/11.) While Rockefeller views that guidance as an important first step, he urged new SEC chair Mary Jo White to issue more authoritative cybersecurity disclosure guidance to encourage more publicly traded companies to detail their cybersecurity risks and what steps they are taking to mitigate the threats. A number of companies did include disclosure in their 10-Ks in response to the staff's guidance, but Rockefeller expressed concern in his correspondence to White "that many companies were still not being upfront about cyberrisks and incidents, a shortcoming that more formal commission-level interpretive guidance could help fix. 'Over the past two years, the importance of cybersecurity and its impact on our country's future has only grown….For that reason, I strongly urge you to address this issue as one of your highest priorities as SEC chairman.'"