Insights & Publications
Diversity, Equity & Inclusion
© 2024 Debevoise & Plimpton LLP
How to Disclose a Cybersecurity Event: Recent Fortune 100 Experience
12 September 2016
View Client Update
Debevoise analyzed how Fortune 100 companies disclosed recent data security breaches in their public filings. That analysis reveals that most make initial disclosures through their periodic reports following a cyber incident, rather than on a current report Form 8-K.
Periodic reports typically reflected the cybersecurity event in updated risk factors, sometimes by directly calling out the event and other times by revising risk factors in light of it, though without specific reference to the event.
These findings highlight the importance of early preparation and, in particular, identifying the company’s most valuable assets before a cyberattack, so that their status can be more easily ascertained post-breach, enabling timely and accurate disclosures.
Data Strategy & Security
Regulatory, Reporting and Other Advisory Services
Paul M. Rodel
Brett M. Novick
View More Authors
UK Modern Slavery Act Transparency Statement
Debevoise Login (2)
Debevoise Women's Review