In a continuing effort to regularize the disclosures provided by companies under new Item 1.05 of Form 8-K, the U.S Securities and Exchange Commission (SEC) recently issued additional guidance for disclosures on cybersecurity incidents.
On June 24, the staff of the Division of Corporation Finance released five new Compliance & Disclosure Interpretations (CDIs) about disclosure obligations under Item 1.05 of Form 8-K. These supplement four previous CDIs addressing the effect of consultation with or national security findings by the attorney general.
The director of the Division of Corporation Finance also issued a statement on June 24 relating to the selective disclosure of cybersecurity incidents. In this statement, the director emphasized that the new rules do not prohibit companies from discussing an incident beyond what was included in Item 1.05 of Form 8-K. Still, companies would need to ensure that any such additional information provided to third parties complied with Regulation FD, which prohibits selective disclosure of material nonpublic information to certain persons.
See Loeb's Full client alert here.