The Balance Between Informing Investors and Protecting Companies: A Look at the Division of Corporation Finance's Recent Guidelines on Cybersecurity Disclosure Requirements

In response to the increasing number of cyberattacks, the U.S. Securities and Exchange Commission’s Division of Corporation Finance recently issued guidance on the disclosure obligations of companies relating to cybersecurity risks and cyber incidents. While the purpose behind the action was well founded, this article argues that the guidelines are inadequate because they fail to properly demonstrate how a company is supposed to strike the balance between releasing the appropriate information to investors and not compromising its own cybersecurity defense. To remedy the inadequacy, this Recent Development proposes that the Division of Corporation Finance should follow up the guidelines with a number of concrete examples and allow the public to submit specific questions and hypotheticals.