Insights & News
© 2017 Debevoise & Plimpton LLP
How to Disclose a Cybersecurity Event: Recent Fortune 100 Experience
12 September 2016
View Client Update
Debevoise analyzed how Fortune 100 companies disclosed recent data security breaches in their public filings. That analysis reveals that most make initial disclosures through their periodic reports following a cyber incident, rather than on a current report Form 8-K.
Periodic reports typically reflected the cybersecurity event in updated risk factors, sometimes by directly calling out the event and other times by revising risk factors in light of it, though without specific reference to the event.
These findings highlight the importance of early preparation and, in particular, identifying the company’s most valuable assets before a cyberattack, so that their status can be more easily ascertained post-breach, enabling timely and accurate disclosures.
Cybersecurity & Data Privacy
Regulatory, Reporting and Other Advisory Services
Paul M. Rodel
View More Authors
Financial CHOICE Act 2.0: Implications for the SEC and Capital Markets
Debevoise Lawyers Contribute to Development of a Cybercrime Investigations Guide
Debevoise Advises Nornickel on $1 Billion Eurobond Offering
SEC Reduces Standard Settlement Cycle from T+3 to T+2
Debevoise Women's Review