Directors Must Heed SEC On Cybersecurity And Social Media
First published by Law360, May 20, 2019
By Clifford Thau, Amy Riella, Laurel Fensterstock and Logan Lewis
In recent years, the U.S. Securities and Exchange Commission has demonstrated an increased willingness to investigate and enforce violations of the federal securities laws arising from cybersecurity breaches and information disseminated through a company’s social media outlets, including by bringing actions directly against individual directors and officers.
SEC guidance and enforcement actions make clear that the SEC expects companies to take certain precautions with respect to avoiding and remediating cybersecurity breaches, and that the SEC now views information disclosed via social media as a formal disclosure made by a company, which in turn will be subject to the SEC’s reporting requirements and regulations.
As a result of several high-profile cyber breaches and matters involving disclosures through social media, officers and directors are increasingly involved with their companies’ cybersecurity and social media strategies. Despite this increased awareness, reports indicate that many officers and directors remain insufficiently protected from potential enforcement actions — and underprepared for SEC compliance inspections and examinations relating to cybersecurity and social media.
To learn more about how boards should respond to this heightened focus, click here.