On February 20, 2018, the SEC issued updated guidance to assist public companies when preparing disclosures about cybersecurity risks and incidents, reinforcing and expanding guidance issued in 2011.
The new guidance, intended to promote clearer and stronger disclosures regarding cybersecurity risks and incidents, highlights the importance of policies and procedures related to disclosure controls and procedures, insider trading and selective disclosures.
For more information, see here.