First, public companies making a disclosure under CISA should remain mindful of their SEC disclosure obligations concerning cyber-attacks. CISA disclosure could trigger SEC and the litany of other state, federal and international disclosures. The SEC in particular is becoming more and more aggressive when it comes to public companies and cybersecurity, so public companies and SEC- regulated entities such as investment advisers and broker-dealers should be especially careful with respect to the DHS Portal disclosures.
via Some Thoughts on the Cybersecurity Information Sharing Act — Stark on IR
