Banking, finance, and taxes

SEC Issues New Guidance on Cybersecurity Attacks

Wikimedia Commons
Paul Ausick
Published:
Last Updated:

On Wednesday the U.S. Security and Exchange Commission (SEC) issued what it calls “interpretive guidance” for publicly traded companies, directing the firms to provide more and more timely information on cybersecurity incidents and risks.

The SEC also declared that corporate officers, directors and other insiders “must not” trade shares in their companies if that have “material nonpublic information,” including knowledge of a cybersecurity incident at the company.

While the wording might be a little vague on exactly what the SEC wants a company to disclose and how quickly it wants the information disclosed, the guidance states:

Where a company has become aware of a cybersecurity incident or risk that would be material to its investors, we would expect it to make appropriate disclosure timely and sufficiently prior to the offer and sale of securities and to take steps to prevent directors and officers (and other corporate insiders who were aware of these matters) from trading its securities until investors have been appropriately informed about the incident or risk.

The guidance seems directed at recent events surrounding a flaw that is present in every CPU chip manufactured and sold by Intel Corp. (NASDAQ: INTC). The so-called Meltdown and Spectre flaws were first discovered by Intel in June of last year. CEO Brian Krzanich filed a plan in October to sell nearly all of his stock in the company in November for a gain of around $25 million. The flaws were first publicly announced in January, and the share price fell 9% when the news hit.

Three senior executives at Equifax sold shares in the company a few days after Equifax discovered the data breach that resulted in the release of personal information on 143 million Americans. The sales occurred more than a month before Equifax publicly announced the breach.

The SEC guidance does not specify what a company must do or when, only that the company “have procedures and policies in place” to deal with insiders who could trade on material but not yet public information.

Because the guidance is a clarification of an existing rule rather than a new rule, both the Equifax and Krzanich stock sales may come under further scrutiny.

ALSO READ: The Worst Companies to Work For

Sponsored: Attention Savvy Investors: Speak to 3 Financial Experts – FREE

Ever wanted an extra set of eyes on an investment you’re considering? Now you can speak with up to 3 financial experts in your area for FREE. By simply
clicking here you can begin to match with financial professionals who can help guide you through the financial decisions you’re making. And the best part? The first conversation with them is free.


Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.
Read more: Banking, finance, and taxes, Government Regulation, U.S. Securities and Exchange Commission

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.

Latest from 24/7

Are 5,000 JPMorgan Branches Too Many?

These10 Credit Cards Pay You Back More Than 2% Back