Skip to content

Directors Must Heed SEC On Cybersecurity And Social Media

By Clifford Thau, Laurel Fensterstock and Logan Lewis

In recent years, the U.S. Securities and Exchange Commission has demonstrated an increased willingness to investigate and enforce violations of the federal securities laws arising from cybersecurity breaches and information disseminated through a company’s social media outlets, including by bringing actions directly against individual directors and officers.

SEC guidance and enforcement actions make clear that the SEC expects companies to take certain precautions with respect to avoiding and remediating cybersecurity breaches, and that the SEC now views information disclosed via social media as a formal disclosure made by a company, which in turn will be subject to the SEC’s reporting requirements and regulations.

As a result of several high-profile cyber breaches and matters involving disclosures through social media, officers and directors are increasingly involved with their companies’ cybersecurity and social media strategies. Despite this increased awareness, reports indicate that many officers and directors remain insufficiently protected from potential enforcement actions — and underprepared for SEC compliance inspections and examinations relating to cybersecurity and social media.

To learn more about how boards should respond to this heightened focus, click here.

This information is provided by Vinson & Elkins LLP for educational and informational purposes only and is not intended, nor should it be construed, as legal advice.