Cybersecurity refers to the technologies and processes implemented to help protect computers and networks from unauthorized access or attacks. A breach is an incident in which confidential information is viewed, stolen or utilized by an unauthorized individual. Initially when thinking about these two words, my thoughts reflected on my own personal protection and more importantly about identify theft. I realized that technology is accelerating at a fast pace and educating oneself in protecting one’s personal identify and assets was critical.
My thoughts then turned toward the corporate world, where cybersecurity and breach considerations also play a critical role. Cybersecurity protection is essential today as a result of a public organization’s business operations increasing its dependence on digital technologies and electronic communication. Damages and financial losses from a cyberattack (premeditated abuse of computer networks and systems to retrieve data or disable operations) in public enterprises can be extremely damaging and material. In addition, these attacks may not only involve the organization, but also the public interest, stock prices, insider trading, executive bonuses and other concerns.
I also thought about the following:
- What are the US Securities and Exchange Commission (SEC) disclosure requirements for public enterprises relating to cybersecurity, risk factors and breaches?
- How do factors such as completeness and timeliness play a role in the disclosure requirements to the SEC?
- What is the role of the Form 8K, 10Q and 10K for these disclosures?
- How is insider trading monitored in an environment of an unannounced cyberattack?
- What types of organizations have been breached?
- What types of breaches have occurred?
- What is the cost associated with cyberattacks?
- Have SEC fines been imposed for timely non-disclosure?
- What is the role of the board of directors, officers and IT personnel?
My recent Journal article explores how the 2018 SEC statement has become an important pathway to assist public organizations in preparing and presenting disclosures about cybersecurity, risk factors, breaches and insider trading. It is also highly recommended that proper legal counsel be consulted.
Editor’s note: For further insights on this topic, read the recent Journal article: “The Growing Role of Cybersecurity Disclosures,” ISACA® Journal, volume 1, 2020.