Skip to main content
LIRA@BC Law

Abstract

Cybersecurity is one of the gravest threats facing public companies, the markets, and the economy at large today. Because of this pressing threat, the SEC has increased its attention to cybersecurity. In 2018 interpretive guidance, consistent with the mandatory disclosure regime established by federal securities regulation, the SEC stipulated that public companies have a duty to disclose those cybersecurity risks and incidents that are material to investors. The 2018 guidance added little, however, and instead parroted earlier guidance from the SEC’s Division of Corporation Finance. Moreover, the SEC itself has been plagued by cybersecurity problems. This Note asserts that to regulate cybersecurity effectively, the SEC must both strengthen its own cybersecurity and further expand upon, rather than simply repeat, the obligation of public companies to disclose cybersecurity risks and incidents.

Files

File nameDate UploadedVisibilityFile size
06_rabinowitz_web_A1b.pdf
6 Sep 2022
Public
382 kB

Metrics

Metadata

  • Subject
    • Business Organizations Law

    • Internet Law

    • Science and Technology Law

    • Securities Law

  • Journal title
    • Boston College Law Review

  • Volume
    • 61

  • Issue
    • 4

  • Pagination
    • 1535

  • Date submitted

    6 September 2022