Target. Home Depot. Equifax. Now, Under Armour. With so many companies experiencing high-profile data breaches, it was only a matter of time before the Securities and Exchange Commission (SEC) introduced new cyber security disclosure guidance. Last month, they did just that.

You can read Protiviti’s interpretation of the new guidance in this blog post or our full flash report on Protiviti.com, but the gist of the guidance is that organizations should:

  • Consider the materiality of cyber security risks and incidents in their disclosure preparation
  • Make sure that their insiders are compliant with insider trading laws (in other words, don’t dump stock right before announcing a major security event)
  • Evaluate the right potential risk factors and their impact on your organization
  • Ensure that your Board of Directors provides the right oversight of how the organization manages its cyber security
  • BE PREPARED for a potential breach and have appropriate disclosure controls and procedures in place

The flash report goes on to outline 5 action items that management should take to make sure they can comply with the new guidance. Check out the full flash report for more information.