Yet, for almost half a decade, the SEC and the Department of Justice did little in the way of scrutinizing companies that were the victims of sophisticated cyberattacks, other than repeatedly announcing that cybersecurity was a priority. That all has changed, as the SEC recently took the unusual step of confirming that it is conducting an investigation of Yahoo! in what is widely considered the largest breach in history, and with other unconfirmed reports of investigations of Equifax and previously of Target. Recent comments from SEC officials seem to suggest that the SEC is pursuing an aggressive theory that requires disclosure-namely to ensure that prior statements, particularly risk factors, are not rendered misleading. And, yet, this is one cybersecurity risk that can be mitigated. After discussing the legal landscape, we suggest how.
via SEC Cybersecurity Enforcement at Watershed Moment: How Companies Should Prepare – Big Law Business.
