In response to the increase in digital technology, and the severity and frequency of cybersecurity threats and incidents, the SEC issued interpretive guidance. The guidance does not establish new disclosure obligations but rather presents the SEC’s views on how its existing rules should be interpreted in connection with cybersecurity threats and incidents. It also emphasized that registrants are responsible for disclosing appropriate information to keep investors informed and must balance the need for timely disclosure with the level of detail they can provide about such incidents.

Source: Wall Street Journal April 27, 2018 19:18 UTC