Investors to Decide Their Level of Risk As SEC Votes on Increased Cybersecurity Breach Disclosures

Oversight of the US Securities and Exchange Commission, Washington, USA - 14 Sep 2021
Bill Clark / POOL / EPA-EFE /

The Securities and Exchange Commission (SEC) will vote today to consider a proposal to mandate cybersecurity disclosures by public companies “to reflect the evolving risks and investor needs.”

See: Real Estate Investing Guru Mindy Jensen Says To Avoid These Types of Properties
Find: Money Confidential’s Stefanie O’Connell Rodriguez: ‘Start Small’ If You’re Intimidated by Investing

The vote comes against the backdrop of increased potential cybersecurity threats from Russia, as well as renewed calls from politicians and experts for companies to protect themselves.

“I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting,” SEC chair Gary Gensler said in a statement. “We’ve been requiring disclosure of important information from companies since the Great Depression. The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.”

Make Your Money Work Better for You

CNBC reported that an SEC spokesperson noted these proposals had been under consideration for some time, but that the crisis in the Ukraine had given them a “special relevance.”

The SEC’s proposal includes amending the Form 8-K to require registrants to disclose information about a material cybersecurity incident within four business days after the registrant determines that it has experienced a material cybersecurity incident. Further, the proposal would require registrants to provide updated disclosure relating to previously disclosed cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate, per the rule’s fact sheet.

“Cybersecurity incidents, unfortunately, happen a lot,” Gensler said in the statement. “They can have significant financial, operational, legal, and reputational impacts on public issuers. Thus, investors increasingly seek information about cybersecurity risks, which can affect their investment decisions and returns.’

SEC commissioner Caroline Crenshaw wrote in a statement that the sophistication and frequency of cyberattacks have increased as of late, “and that increase has imposed corresponding economic harms and increased expenses on companies, and their investors. In the most high-profile examples, we have seen outright halts in production and multi-million dollar ransom payments.”

Make Your Money Work Better for You

The sole dissenting opinion comes from commissioner Hester Peirce, who wrote in a statement that “the governance disclosure requirements embody an unprecedented micromanagement by the Commission of the composition and functioning of both the boards of directors and management of public companies.”

Learn: 7 Unexpected Cities To Invest in Property in 2022
Explore: 8 Best Cryptocurrencies To Invest In for 2022

“The tension between ensuring that investors get material cybersecurity incident information and protecting the ability of law enforcement to pursue wrongdoers is difficult to resolve appropriately, and I look forward to hearing how commenters would resolve it,” Peirce wrote.

More From GOBankingRates

Share this article:

Make Your Money Work Better for You

About the Author

Yaël Bizouati-Kennedy is a full-time financial journalist and has written for several publications, including Dow Jones, The Financial Times Group, Bloomberg and Business Insider. She also worked as a vice president/senior content writer for major NYC-based financial companies, including New York Life and MSCI. Yaël is now freelancing and most recently, she co-authored  the book “Blockchain for Medical Research: Accelerating Trust in Healthcare,” with Dr. Sean Manion. (CRC Press, April 2020) She holds two master’s degrees, including one in Journalism from New York University and one in Russian Studies from Université Toulouse-Jean Jaurès, France.
Learn More