The SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but in the implications of how it was
The SEC’s Guidance on Cyber Risks and Incidents: A Deeper Dive
In October 2011, the U.S. Securities and Exchange Commission’s Division of Corporation Finance issued “CF Disclosure Guidance: Topic No. 2”, guidance intended to provide some clarity as to the material cyber risks that a publicly traded company should disclose. I previously wrote about the guidance. This blog post is the first of…
The SEC Is Cracking Down on Companies That Do Not Disclose Cyber Incidents
As I wrote in a previous post, the Securities and Exchange Commission’s (SEC) Division of Corporation Finance issued a Disclosure Guidance on October 13, 2011, that states publicly traded companies may be obligated to disclose cyber incidents and the risk of cyber incidents, depending on the application of various factors.
Now, according to a…