Abstract
Cybersecurity is one of the gravest threats facing public companies, the markets, and the economy at large today. Because of this pressing threat, the SEC has increased its attention to cybersecurity. In 2018 interpretive guidance, consistent with the mandatory disclosure regime established by federal securities regulation, the SEC stipulated that public companies have a duty to disclose those cybersecurity risks and incidents that are material to investors. The 2018 guidance added little, however, and instead parroted earlier guidance from the SEC’s Division of Corporation Finance. Moreover, the SEC itself has been plagued by cybersecurity problems. This Note asserts that to regulate cybersecurity effectively, the SEC must both strengthen its own cybersecurity and further expand upon, rather than simply repeat, the obligation of public companies to disclose cybersecurity risks and incidents.
Metadata
- Subject: Business Organizations Law; Internet Law; Science and Technology Law; Securities Law
- Journal title: Boston College Law Review
- Volume: 61
- Issue: 4
- Pagination: 1535
- Date submitted: 6 September 2022