In February, the SEC announced new guidance for companies to disclose cybersecurity risks and incidents, and in April, it announced a $35 million penalty against Yahoo! for failing to disclose its huge data breach. In a new blog post, Davis Wright Tremaine partner Christopher Ott argues that this rapidly changing standard calls for preparing now for where things are likely to head in the near future.
Ott gives an overview of the SEC’s guidance and its rationale, and describes the risk controls and procedures the Commission expects. He recommends, “In light of the Yahoo! settlement, corporate boards and directors should adhere to a quarterly update schedule for the disclosure of material cyber risks.”