SEC Rules Making Cyber Disclosures Public May Raise Risk

Matt Franker and Caleb Skeath's commentary were included in a Law360 article about how the SEC's cybersecurity rules will require disclosures that companies have typically been able to keep private or reveal in a controlled manner, ramping up the potential for increased attention from regulators, shareholders, and hackers.

"This is really going to force companies to assess materiality more quickly than normally in these type of events, and that standard may be difficult for companies and SEC staff to apply because it's inherently subjective," Matt said. "Prior to the effective date, at least initially, we'll probably see more 8-K filings than we would have in absence of the rules."

Caleb acknowledged that "Once these disclosures are out in the open, not only are the SEC and investors reading them, but they'll also be other regulators, customers, business counterparts, litigants and others out there monitoring and scrutinizing what's been said." Thus, Caleb states, "companies need to consider what they're disclosing and how they're framing it not only from the point of view of meeting the SEC's requirements, but also from these other perspectives to make sure they're not opening themselves up to new areas of risk and scrutiny."