Peter J. Henning of the New York Times predicts that the sound guidance the SEC provides in its new guidance about cybersecurity disclosures will not overcome corporations’ habitual response to a data breach of “keeping a lid on the hack,” Referring to recommendations to have procedures in place to discern the impact of an incident, and to disclose risks and incidents that are material to investors, he says “Those are worthwhile reminders, but the S.E.C. has yet to institute any direct measures to compel companies to reveal the nature and scope of a cybersecurity breach.”
Referring to the guidance “to avoid the appearance of improper trading during the period following an incident and prior to the dissemination of disclosure” and calling for the release of “material” information in a timely manner, he says the problem is a lack of enforcement and the subjectivity of these standards.