Trends & Insights

Offering our expertise, guidance and thought leadership on trends and insights that affect organizations. This section delivers articles and thought leadership pieces to help simplify the complexities businesses face in an ever expanding and changing environment.

Trending Today

Furlough FAQ – What Employers Need to Consider
A staff furlough might be a more strategic option than a lay-off.

LEARN MORE »

COVID-19 State Relief Matrix
Relief opportunities are changing daily, our SALT specialists have summarized these opportunities.

LEARN MORE »

SBA Loans: The Basics of Personal Guarantees
Make sure you understand the details, both limited and unlimited.

LEARN MORE »
People
SpotLight

Matt Armanino

As chief executive officer and managing partner, Matt focuses on firm-wide growth and bringing innovation to every part of the firm’s infrastructure in order to better create value and drive successful outcomes for clients. He leads the development of Armanino’s short- and long-term plans, including strategic partnerships, new solutions...
READ MORE »
Search People By Function OR

Alphabetical by Last Name
A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

all
Offices

Dallas
Denver
Downtown Los Angeles
El Segundo
Irvine
Naperville
San Francisco
San Jose
San Ramon
Seattle
West Los Angeles
Woodland Hills
Departments

Audit
Blockchain
Business Management
Consulting
Of Counsel
Operations
Risk Assurance & Advisory Services
Tax
Services
Services
Audit

A-133 Audit
Audit Procedures
Benefit Plan Audits
Financial Statement Audit
Reviews & Compilations
SEC Audits

Risk Assurance & Advisory

Contract Compliance Audits
Cybersecurity Services
Privacy Services
HITRUST
Internal Audit
ISO 27001
SOC Audit
SOX Compliance
Third-Party Assurance
Tax

Corporate Tax Outsourcing
Federal Tax Preparation
IPO Tax Consulting
R&D Tax Credits
Sales and Use Tax
State and Local Tax
Tax Provision
Individual Tax Planning
International Tax Services
Transfer Pricing
Nonprofit Tax Services

Private Wealth

Family Office Services
Individual Tax Planning
Trust & Estate Planning

Blockchain

Business Management
Consulting
Artificial Intelligence Lab
Business Application Consulting
Budget Planning & Forecasting
Business Application Strategy
Business Intelligence
Customer Relationship Management (CRM)
Enterprise Resource Planning (ERP)
Managed Services
Business Outsourcing Services
Corporate Finance
Executive Search
HR Outsourcing
Finance and Accounting Services
Interim Financial Management
Restructuring Services
CFO Consulting & Advisory
Business Valuations
Compensation & Benefits Planning
Equity Management Consulting
Forensic Accounting
IPO Readiness
Lease Accounting (ASC 842)
Mergers & Acquisitions (M&A)
Revenue Recognition (ASC 606)
Technical Accounting
Cloud Solutions
Strategy and Transformation
Systems Implementation
Software Solutions
Software Solutions
Step-by-Step Guide to Selecting an ERP Solution

An ERP solution is an important investment but the selection process can be a daunting task. Our straightforward guide provides a comprehensive framework of considerations to drive your selection process.

Get Your Free ERP Selection Guide
Software Products

Adaptive Insights
BlackLine
Certent
Microsoft Dynamics
D365 CRM
D365 ERP
Dynamics GP
Dynamics Upgrades
Microsoft Power BI
Sage Intacct
Salesforce
Shareworks
Workiva
Integration Solutions

Software Integrations & Toolkits
Industries
Industries
Armanino is comprised of seasoned professionals who offer you a wealth of experience and insights across a broad range of industries and services. We work interactively and proactively to ensure our clients achieve their financial goals long-term.
Cannabis
Consumer Business
Cryptocurrency
Education
Higher Education
Private Schools
Energy
Entertainment
Financial Services
Mortgage Pools
Private Equity Funds
Food & Beverage
Franchise
Healthcare
Insurance
Law Firms
Life Sciences
Medical Devices
Pharmaceuticals
Manufacturing, Distribution &
Wholesale
High-Tech
Nonprofit
Professional Services
Real Estate
Solid Waste
Technology
Semiconductor
Software & SaaS Companies
Events
Armanino offers webinars and live events to keep you informed and educated on business practices, processes, changes in rules and the latest trends and issues that affect your organization. Attending webinars and seminars are an effective method to gain knowledge on important issues from industry subject experts.
Search Events By

By Event Type
Live Event
Webinar
Location
Midwest
Northern California
Pacific Northwest
Southern California
Upcoming Events

04/09/20

Planning in Volatile Times: How Golden Gate Builds a Bridge to the Other Side

Register »

04/20/20

App-in-a-Day Workshop with Armanino - Dallas

Register »

04/28/20

App-in-a-Day Workshop with Armanino - Houston

Register »

FIND MORE UPCOMING EVENTS »

Home > Trends & Insights > SEC Plans to Update Guidance on Disclosing Cybersecurity Risks

Article

Friday, February 23, 2018

SEC Plans to Update Guidance on Disclosing Cybersecurity Risks

In the wake of hacks such as the 2017 Equifax breach, which exposed personal information of roughly 145.5 million people, the Securities and Exchange Commission (SEC) has announced plans to update its interpretive guidance for disclosing cybersecurity issues. The SEC wants to remind public companies of their responsibility to keep investors informed when data is breached or severe hacks are attempted.

Need for change

At a recent American Bar Association meeting, David Fredrickson, chief counsel of the SEC’s Division of Corporation Finance, said that the SEC doesn’t expect to overhaul its Disclosure Guidance: Topic No. 2, Cybersecurity. But he said that the SEC needs to “refresh” it. Specifically, it plans to consider whether important information about cybersecurity should be disclosed to stakeholders within the context of the existing rules. For example, companies may need to beef up their management’s discussion and analysis (MD&A) and footnote disclosures to reflect potential cyber risks and material financial implications of data breaches.

The current guidance on cybersecurity, which was published in 2011, doesn’t include a specific requirement for companies to disclose computer system intrusions. The SEC’s effort to update the guidance comes amid concerns that more public companies have been experiencing attacks to their computer systems, but their disclosures haven’t been timely or informative enough.

Investors in the past few years have been especially vocal about pushing companies to provide more information about cybersecurity. And SEC Chairman Jay Clayton has told lawmakers during congressional hearings that he believes companies can do a better job of disclosing the risks they face and the hacks into their computers.

Substance over form

Regulators in the SEC haven’t decided whether the update will be issued in the form of staff-level guidance or a regulatory release approved by the SEC’s commissioners. But Fredrickson has identified two new areas the SEC needs to address in the update:

Financial reporting controls and procedures that identify and disclose cybersecurity threats in a timely manner
Corporate strategies and policies regarding cybersecurity prevention, detection and breach response

Many public companies welcome additional guidance from the SEC. Currently, executives often find it difficult to determine the appropriate time to disclose a hack into their systems.

On the one hand, public companies feel a responsibility to share relevant information openly and honestly with stakeholders. On the other, they don’t want to prematurely disclose information about a breach before they know the extent of the damage or to release inaccurate information that later needs to be revised. Company executives may also be working with law enforcement, in which case they don’t want to disclose information that could compromise the investigation.

Lead by example

Public companies aren’t the only entities that struggle with determining the appropriate cyber-disclosures; the SEC has also faced criticism over how quickly it disclosed a breach of its own systems. Last September, the SEC reported a 2016 hack of its Electronic Data Gathering, Analysis and Retrieval (EDGAR) filing system, which likely led to illegal stock trades.

Senator Sherrod Brown (D-OH), a ranking member of the Senate Banking Committee, told regulators during a September hearing that the SEC must abide by the same, or even a higher standard than that applied to companies. Brown also questioned why the SEC seemed to have swept the issue under the rug and whether other information is at risk.

Plan your breach protocol

Does your company have policies and procedures in place in case its systems are hacked? When a business is struck by a data breach, it’s not the time for do-it-yourself disclosures. Many legal and financial issues are at stake, so it’s important to have a premeditated team of professional advisors—including legal, insurance and financial experts—to handle breach response, measure the impact and mitigate potential losses.

COMMENTS

comments powered by Disqus

Contact an Expert

Liam Collins
Partner

Liam has more than 18 years of assurance and consulting experience, including 10 years with Big Four firms. He leads the firm’s Risk Assurance and Advisory Services practice, which includes the firm’s Cybersecurity, Privacy, Service Organization Control (SOC) audit, HiTrust, ISO27001, Sarbanes-Oxley (SOX), Internal Audit and IT Compliance service lines. Before joining Armanino, Liam served as a Managing Director at KPMG, where he was engagement Partner on a number of large assurance and consulting projects. He has also held audit, assurance and IT leadership roles at PricewaterhouseCoopers (PwC), ControlMetric, Clare Chapman and Prodapt.

Liam is a member of the American Institute of CPAs and the Information Systems Audit and Control Association (ISACA). He received a BSc. in Accounting from Golden Gate University, a JD from the University of San Francisco School of Law and an MBA from the Wharton School at the University of Pennsylvania.