The Balance Between Informing Investors and Protecting Companies: a Look at the Division of Corporation Finance’s Recent Guidelines on Cybersecurity Disclosure Requirements

Download Full Text PDF

In response to the increasing number of cyberattacks, the U.S. Securities and Exchange Commission’s Division of Corporation Finance recently issued guidance on the disclosure obligations of companies relating to cybersecurity risks and cyber incidents. While the purpose behind the action was well founded, this article argues that the guidelines are inadequate because they fail to properly demonstrate how a company is supposed to strike the balance between releasing the appropriate information to investors while not compromising its own cybersecurity defense. In order to remedy the inadequacy, this Recent Development proposes that the Division of Corporation Finance should follow up the guidelines with a number of concrete examples and allow the public to submit specific questions and hypotheticals.

Joel Bronstein, Recent Development, The Balance Between Informing Investors and Protecting Companies: a Look at the Division of Corporation Finance's Recent Guidelines on Cybersecurity Disclosure Requirements, 13 N.C. J.L. & Tech. On. 257 (2012), http://cite.ncjolt.org/13NCJOLTOnlineEd257.

The North Carolina Journal of Law & Technology has adopted the Open Access Program, a part of the Scholar’s Copyright Project created by Science Commons. Authors designate the conditions under which their articles are licensed. By downloading articles, you agree to comply with the license terms specified. Please contact NC JOLT at eic.ncjolt@gmail.com with permissions inquiries.