Cybersecurity

SEC moves to quash insider trading on cyber breach news

shutterstock image id ID: 186823331 by DD Images 

The Securities and Exchange Commission released new guidance on Feb. 21 that provides additional details for how publicly traded companies should be handling data breach disclosures.

SEC Chairman Jay Clayton warned that as companies become increasingly reliant on technology and internet connectivity to store, process and share their sensitive data, the threat of hacking and data breaches will only get worse.

"I believe that providing the commission's views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors," said Clayton. 

The guidance addresses two issues related to the recent wave of data breaches: company obligations for putting in place timely and effective breach disclosure policies, and executives who sell company shares after learning about a hack but before informing investors and the public.

"In particular, I urge public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives," said Clayton.

In 2017, credit firm Equifax drew widespread outrage from the public, consumer watchdogs and Congress after it was revealed that just days before the company announced a data breach that compromised the personal information of at least 145 million Americans, three senior executives sold a combined $1.8 million in company stock. Intel CEO Brian Krzanich sold as much as $24 million in company stock in November 2017, months after the firm learned about the Meltdown and Spectre bugs inherent in their processing chips and well in advance of the public disclosure.

The guidance makes clear that the SEC views this as questionable activity and that companies that engage in such behavior risk reputational harm and increased scrutiny from regulators.

"[D]irectors, officers, and other corporate insiders must not trade a public company's securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company," the new guidance states.

The SEC also makes it clear that it is the responsibility of publicly traded companies to put policies and procedures in place to facilitate timely and effective disclosure of data breaches.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.