Insights & News
© 2017 Debevoise & Plimpton LLP
How to Disclose a Cybersecurity Event: Recent Fortune 100 Experience
12 September 2016
View Client Update
Debevoise analyzed how Fortune 100 companies disclosed recent data security breaches in their public filings. That analysis reveals that most make initial disclosures through their periodic reports following a cyber incident, rather than on a current report Form 8-K.
Periodic reports typically reflected the cybersecurity event in updated risk factors, sometimes by directly calling out the event and other times by revising risk factors in light of it, though without specific reference to the event.
These findings highlight the importance of early preparation and, in particular, identifying the company’s most valuable assets before a cyberattack, so that their status can be more easily ascertained post-breach, enabling timely and accurate disclosures.
Cybersecurity & Data Privacy
Regulatory, Reporting and Other Advisory Services
Paul M. Rodel
View More Authors
UK Regulator Proposes Changes to IPO Process
Debevoise Advises Rexel in the Placement of €300 Million Senior Notes
UK Information Commissioner’s Office Issues GDPR Consent Guidance: What Business Should Know and Do
SEC Requires Hyperlinks to Exhibits and HTML Formatting for Many Filings
Debevoise Women's Review