What new 24-page memo from Securities Exchange Commission means for cybersecurity

Local News

SALT LAKE CITY, Utah(News4Utah) The Securities and Exchange Commission(SEC) has issued new guidance to protect ourselves on line. Robert Jorgensen, a professor of Cybersecurity at Utah Valley University, joined Emily Clark, to discuss the new measures.

Last week, the SEC issued a 24 page memo outlining how public companies should disclose cybersecurity risk to investors.

Investors should be aware of this new memo. The SEC requires that publicly traded companies provide disclosures about certain risk factors that apply to investors The SEC has recognized that cybersecurity risks are substantial enough that investors should be aware of a publicly traded company’s cybersecurity posture.

As a result, there are new recommendations. The SEC is primarily instructing companies to look at material effects of cybersecurity risk on the business and how those apply the Securities Act and the Exchange Act from the thirties.

At the same time, they aren’t recommending that companies have to reveal all the details of their cybersecurity strategies, because that might provide a road map for attackers.

Jorgensen says analyzing cybersecurity risks should be considered like other risks when looking to invest in a company. If a company isn’t disclosing any information about cybersecurity risk, it could indicate that the company may not be prepared in the event of a major incident.

For more on the newly-released memo, and other cybersecurity issues, visit UVU.edu/Cybersecurity.

Copyright 2020 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.