The Securities and Exchange Commission (SEC) will vote today to consider a proposal to mandate cybersecurity disclosures by public companies “to reflect the evolving risks and investor needs.”
By Yaёl Bizouati-Kennedy
See: Real Estate Investing Guru Mindy Jensen Says To Avoid These Types of Properties Find: Money Confidential’s Stefanie O’Connell Rodriguez: ‘Start Small’ If You’re Intimidated by Investing
The vote comes against the backdrop of increased potential cybersecurity threats from Russia, as well as renewed calls from politicians and experts for companies to protect themselves.
“I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting,” SEC chair Gary Gensler said in a statement. “We’ve been requiring disclosure of important information from companies since the Great Depression. The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.”
More From Your Money: Choose a high-interest saving, checking, CD, or investing account from our list of top banks to start saving today.
CNBC reported that an SEC spokesperson noted these proposals had been under consideration for some time, but that the crisis in the Ukraine had given them a “special relevance.”
The SEC’s proposal includes amending the Form 8-K to require registrants to disclose information about a material cybersecurity incident within four business days after the registrant determines that it has experienced a material cybersecurity incident. Further, the proposal would require registrants to provide updated disclosure relating to previously disclosed cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate, per the rule’s fact sheet.
“Cybersecurity incidents, unfortunately, happen a lot,” Gensler said in the statement. “They can have significant financial, operational, legal, and reputational impacts on public issuers. Thus, investors increasingly seek information about cybersecurity risks, which can affect their investment decisions and returns.’
SEC commissioner Caroline Crenshaw wrote in a statement that the sophistication and frequency of cyberattacks have increased as of late, “and that increase has imposed corresponding economic harms and increased expenses on companies, and their investors. In the most high-profile examples, we have seen outright halts in production and multi-million dollar ransom payments.”
The sole dissenting opinion comes from commissioner Hester Peirce, who wrote in a statement that “the governance disclosure requirements embody an unprecedented micromanagement by the Commission of the composition and functioning of both the boards of directors and management of public companies.”
Learn: 7 Unexpected Cities To Invest in Property in 2022 Explore: 8 Best Cryptocurrencies To Invest In for 2022
“The tension between ensuring that investors get material cybersecurity incident information and protecting the ability of law enforcement to pursue wrongdoers is difficult to resolve appropriately, and I look forward to hearing how commenters would resolve it,” Peirce wrote.