WASHINGTON (Reuters) – The U.S. Securities and Exchange Commission published on Wednesday updated guidance on how public companies should disclose cyber security risks and breaches.
The SEC unanimously approved the additional guidance Tuesday, saying it would promote “clearer and more robust disclosure” by companies facing cyber security issues, according to Chairman Jay Clayton.
The new guidance says that companies should disclose cyber security risks that have not yet been targeted by hackers. It also states that company executives must not trade in a company’s securities while possessing nonpublic information regarding cyber security attacks.
Reporting by Pete SchroederEditing by Chizu Nomiyama