This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Global > United States > Services > Featured Services > Deloitte Sustainability > Compliance Reporting

Global site selector

Recent SEC Guidance on Cybersecurity Disclosure Obligations

Considering potential environmental impacts and insurance coverage issues

DOWNLOAD

In response to stakeholder petitions and Congressional requests seeking improvements in corporate risk disclosures, the Securities and Exchange Commission (SEC) has been active in issuing guidance to enhance disclosure obligations. The SEC has entered into new areas with the issuance of its Climate Change Disclosure Guidance in 2010 and the more recent proposals drafted in conjunction with the Dodd-Frank Act that would require disclosure of certain health and safety compliance violations. Inadequate disclosures of environmental, health, and safety and “sustainability” risks have been used as examples by investors in complaints to the SEC as they are perceived to be a tangible reflection of company management; mis-management results in direct impact not only to investors but also to the public at large.

The SEC’s Division of Corporate Finance (Division) recently issued guidance that responds to concerns regarding how organizations are getting ahead of the evolving technology and these threats. The guidance draws upon existing disclosure obligations for support. Accordingly, this latest development is a continuation of the recent evolution of disclosure requirements designed to encourage companies to address their vulnerability and readiness to respond to business risks that are increasingly difficult to anticipate and manage given trends in globalization, technological innovation, and stakeholder expectations for performance.

This article by Kathryn D. Pavlovsky, Principal, Deloitte Financial Advisory Services LLP, and Vincent E. Morgan, Partner, Pillsbury Winthrop Shaw Pittman LLP addresses three topics. It begins with a brief discussion of the recent guidance. Next, it offers recommendations to companies on how to incorporate this guidance into their disclosure controls and procedures by exploring examples of cybersecurity risks through the lens of potential environmental incidents. Finally, it uses that framework to analyze the implications of the Division’s reference to insurance as an appropriate subject of disclosure concerning cybersecurity risks.

The article was originally published by Bloomberg Finance L.P. in the Vol. 6 No. 1 edition of the Bloomberg Law Reports—Commercial Insurance.

Audit & Enterprise Risk Services

Consulting

Financial Advisory Services

Tax

Deloitte Growth Enterprise Services

Featured Services

2013 Industry Outlook

Aerospace & Defense

Automotive

Banking & Securities

Consumer Products

Federal Government

Health Care Providers

Health Plans

Insurance

Life Sciences

Media & Entertainment

Oil & Gas

Power & Utilities

Private Equity, Hedge Funds & Mutual Funds

Process & Industrial Products

Real Estate

Retail & Distribution

State Government

Technology

Telecom

Travel, Hospitality & Leisure

Deloitte University Press

Browse by Content Type

Browse by Role

Innovation Centers

Email Subscriptions

Recent SEC Guidance on Cybersecurity Disclosure Obligations

Considering potential environmental impacts and insurance coverage issues

Attachments

Related links

Share this page

Stay connected