Abstract
The Securities and Exchange Commission’s (SEC) cybersecurity rules require that public companies disclose a material cyber threat or incident and the impact of the incident on the company’s business. Corporate boards must disclose any cyber-related information that would affect a reasonable shareholder’s investment decisions. These rules delegate to the corporate board and management the decision of which cybersecurity events qualify as material to investors. Directors and officers must also decide when and how to disclose to the SEC, and what information to report.
The SEC Cybersecurity Rules increase compliance and litigation costs for public companies, as shareholders can use this information to litigate against the company’s board and management. Shareholders might argue that directors and officers did not comply with the regulatory framework and failed in their duty to monitor cybersecurity, causing a drop in the company’s share price. This Comment recommends measures for public companies to improve corporate governance and prevent shareholder litigation by complying with the Cybersecurity Rules.
Included in
Banking and Finance Law Commons, Business Organizations Law Commons, Law and Economics Commons, Science and Technology Law Commons, Securities Law Commons