Insider Trading Can Pose Cybersecurity Risks Says SEC Chair Clayton

This article is more than 6 years old.

Securities and Exchange Commission Chair Jay Clayton warned today that insider trading by executives from undisclosed hacks and weak protections can pose cybersecurity risks to the reputation of a company.

Clayton’s warning came with the unveiling of new SEC cyber guidance approved by the Commission Tuesday.

“Companies are well served by considering the ramifications of directors, officers and other corporate insiders trading in advance of disclosures regarding cyber incidents that prove to be material,” said the Commission in the guidance.

The Commission cautioned firms that failure to disclose cybersecurity risks or incidents adequately could put them in danger of running afoul of anti-fraud laws.

Like so many of the categories of information the SEC guidance directs companies to make public, the chief obligation in the cyber realm is information the agency believes is material.

The regulator said cyberrisk and hacking developments are material if there is a substantial likelihood that a reasonable investor would consider the information important in making an investment decision.

In the guidance, the agency said companies can be right to keep secret some cybersecurity measures that would provide a roadmap for hackers.

“We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems, the related networks and devices, or potential system vulnerabilities in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident,” the regulator said in the recommendations.

The SEC added that financial statements must list cybersecurity matters, including expenses from investigations, breach notification, remediation and litigation; revenue losses from breaches; and increased financing costs.

It is increasingly important for investors to know how boards are engaging with management on cybersecurity, the guidance said.

Legally mandated CEO and principal financial officer certifications of the design and effectiveness of disclosure controls and procedures should take into account the adequacy of cybersecurity protections, the guidance states.