On October 3, 2011, the Securities and Exchange Commission published guidelines for publicly-traded corporations regarding cyber risk disclosures, which were updated and clarified in 2018. What types of information must publicly-traded corporations disclose regarding their exposure to cyber-security risks?

references:

1. Arthur Andersen LLP v. United States 544 U.S. 696 (2005) 2. In The Matter of Ernst & Young LLP, PCAOB Release NO. 1052012001, February 8, 2012 3. GRAMMLEACH BILEY ACT 501, 15 U.S.C. 6801Gramm-Leach Biley Act 501 4. FFIEC, Interagency Guidelines Establishing Information Security Standards, 2005 5. FFIEC, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, 2005 6. SEC, Cybersecurity, 2011 7. United States v. Wachovia Bank,Southern District of Florida, 2010 8. Office of Foreign Assets Control 9. SEC Statement and Guidance on Public Company Cybersecurity Disclosures, pp. 5-13