In April 2018, the Securities and Exchange Commission (SEC) reached a $35 million settlement with Altaba, Inc. over charges that the company misled investors by failing to disclose a massive 2014 cyber breach. The settlement against Altaba, formerly known as Yahoo! Inc., came just a few months after the SEC published new guidance on cybersecurity disclosures.
While this SEC enforcement action was the first of its kind, it, along with the release of the 2018 guidance and the increasing frequency of cybersecurity-related comments from the agency, signaled the SEC's heightened attention to cybersecurity disclosure and the need to properly and promptly disclose breaches.
In their recent article for Directors & Boards, Corporate Partner Edward Normandin and Associate Matthew Repetto explain that while disclosure decisions can be difficult, by considering certain factors directors and officers can effectively manage the business, financial and legal implications of a cybersecurity breach.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.