Cybersecurity remains a key concern for our increasingly digital society and economy. With each new publicly-announced breach of personal information through a computer hack, businesses are questioned increasingly as to whether they have adequate controls to prevent cyber intrusions and incident response plans to contain, remedy and mitigate any breach that may occur.
Responsibility for overseeing a corporation’s cyber-preparedness falls ultimately to its board of directors. In the US, the Securities and Exchange Commission (the “SEC”) has increased its scrutiny of publicly companies regarding their cybersecurity approach from a number of perspectives, including disclosure requirements and maintaining adequate internal controls.
The SEC issued interpretive guidance in February 2018 to assist public companies in disclosing, and crafting policies and procedures for reporting, risk management and preventing insider trading in relation to cybersecurity risks and incidents.