The Securities and Exchange Commission (SEC) Chairman Jay Clayton announced the SEC’s approval of the “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” under which “the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents.”  Chairman Clayton’s February 21, 2018 public statement entitled “Statement on Cybersecurity Interpretive Guidance” included these statements:

In today’s environment, cybersecurity is critical to the operations of companies and our markets.  Companies increasingly rely on and are exposed to digital technology as they conduct their business operations and engage with their customers, business partners, and other constituencies. 

This reliance on and exposure to our digitally-connected world presents ongoing risks and threats of cybersecurity incidents for all companies, including public companies regulated by the Commission. 

Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion

Better late than never, and it will be interesting to see what is reported!