Increased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures
As a result of recent highly-publicized data breaches at a number of public companies, lawmakers and regulators have become increasingly focused on the issue of cybersecurity. Renewed attention on cybersecurity is evident, for example, in the various bills pending in Congress that address the issue, such as by seeking to require companies to implement certain data privacy and security standards and to notify customers of breaches within a specified time period. Additionally, in accordance with an executive order issued by President Obama, the National Institute of Standards and Technology recently released its “Framework for Improving Critical Infrastructure Cybersecurity,” which provides a set of voluntary “industry standards and best practices to help organizations manage cybersecurity risks.” And Securities and Exchange Commission (“SEC”) Chairman Mary Jo White testified last month before the U.S. Senate Committee on Banking, Housing, and Urban Affairs that information security is among the 2014 examination priorities of the SEC’s National Exam Program.