The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cyber security risks within their organization, even before a breach or cyber-attack occurs.

The commission’s five members voted unanimously to approve the guidance, however, both democratic commissioners feel there needs to be more action taken by companies. These two members hope that this is just the first step towards defeating actors who use technology to threaten the United States.

In the guidance, the commission urged companies to create policies that allow them to quickly assess cyber security risks and decide when to tell the public, and also prevent executives, board members, and other corporate insiders from trading shares when they having important information that hasn’t been released to the public yet.

“Given the frequency, magnitude and cost of cybersecurity incidents, the commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cyber security risks but may not yet have been the target of a cyber-attack,” the SEC said.

The SEC added that while companies are not required to disclose sensitive information that could compromise the company’s’ cyber security measures, they absolutely cannot use internal or law enforcement investigations as an excuse for not informing the public of the security incident, something that’s been done all the often in the past.

The SEC did not mention any specific security incidents in the guidance, but it does come just a few months after the massive Equifax data breach that impacts over 145 million individuals. Equifax was harshly criticized for how low they took to inform users about the incident that was one of the largest breaches of consumer private financial data in history. The Justice Department is also investigating Equifax for large sales of shares by executives made between when the company learned of the breach and when it became public.


Read the article on Tech Crunch


The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.