
New SEC Guidance on Cybersecurity Disclosures: Risks, Incidents, Materiality, Data Governance Procedures

Recording of a 90-minute premium CLE webinar with Q&A


Conducted on Tuesday, June 12, 2018


This CLE course will examine the new SEC guidance regarding disclosures that must be made by public companies relating to cybersecurity risks and incidents. The panel will discuss how best to strike a balance between providing adequate disclosure and protecting company information systems. The panel will also discuss the recent SEC enforcement action against Yahoo/Altaba, and outline corporate data governance protocols to comply with the recent guidance and avoid similar actions.


On Feb. 21, 2018, the SEC released guidance on public company cybersecurity disclosures that expanded on 2011 guidance. The guidance requires public companies to disclose cybersecurity risks and incidents and describes factors to determine whether a threat or incident is material. Counsel must be able to tailor appropriate disclosures that strike a balance between disclosing meaningful information and protecting their client’s information systems.

The guidance stresses that “information about a company’s cybersecurity risks and incidents may be material nonpublic information” and warns directors, officers and other corporate insiders against trading securities while in possession of such information. Implementing restrictions on trading the company’s securities may be necessary until public disclosure of a cybersecurity issue.

The SEC’s recent $35 million civil penalty levied against Yahoo/Altaba highlights the importance of full and timely disclosure. Cybersecurity is also an examination priority of the SEC's Office of Compliance Inspections and Examinations for the fiscal year 2018. Counsel may be called upon to review internal data governance procedures to ensure that they sufficiently address cybersecurity disclosure.

Listen as our authoritative panel discusses the new guidance and how best to disclose risks and incidents that are deemed “material” in a manner that does not compromise the company’s information systems. The panel will also discuss implications of the guidance for insider trading and internal data security controls and procedures.



  1. SEC guidance—disclosure obligations
    1. Material risks associated with cybersecurity and cybersecurity incidents
    2. Management’s views regarding how cybersecurity incidents will affect the company’s financial condition and results of operations
    3. Incidents or threats that materially affect a company’s products, services, business relationships
    4. Material pending legal proceedings related to cybersecurity issues
    5. Costs related to an investigation, remediation and litigation, losses in revenue, and diminished future cash flows
    6. Role of the board of directors in overseeing and managing cybersecurity risks
  2. Avoiding insider trading on cybersecurity information—Regulation FD and selective disclosure
  3. Implementing data governance policies and procedures for adequate cybersecurity disclosures


The panel will review these and other critical issues:

  • What types of information does the SEC suggest that a public company should disclose in connection with ongoing cybersecurity risks and specific data breaches?
  • What matters are deemed material under the guidance and what if disclosure could compromise the information systems of a company?
  • When does insider trading become a concern in the context of a cybersecurity incident?
  • What steps should public companies take now about data governance and disclosure?


Sten-Erik Hoidal

Fredrikson & Byron

Mr. Hoidal represents clients in complex commercial litigation, with an emphasis on data protection, cybersecurity and...

Timothy Newman

Haynes and Boone

Mr. Newman is a litigator who represents clients in government enforcement actions, cybersecurity matters, and complex...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.
