
The SEC Focuses on Cybersecurity Disclosures

By: Carl Kampel

The evolving role boards of directors play in addressing cybersecurity was discussed recently at a roundtable hosted by the SEC. Commissioners asked whether cybersecurity matters should be addressed by audit committees or whether boards should be required to have risk committees with a cybersecurity expert, just as audit committees are required to have a financial expert. While no consensus was reached, panelists noted that this decision should depend on the nature of a company’s operations and the magnitude of the cybersecurity risk to those operations.

In response to a February 12, 2013 executive order, the Commerce Department’s National Institute of Standards and Technology (NIST) issued a Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014 (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf). While organizations that operate critical infrastructure are not required to adopt the framework, they will be encouraged to do so. Moreover, the framework identifies current best practices and provides a process that any company can use to identify gaps in its cybersecurity.

Panelists generally supported the SEC staff’s guidance in CF Disclosure Guidance: Topic No. 2, Cybersecurity (http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm) in determining the need for disclosure of cyber incidents.
