CNET también está disponible en español.

Ir a español

Don't show this again

Security

SEC urges clearer disclosures about cybersecurity risks

Updated guidance offers suggestions on how and when public companies should disclose breaches and risks.

Getty Images

The US Securities and Exchange Commission on Wednesday issued new guidance on how and when public companies should disclose cybersecurity risks and breaches.

The "interpretive guidance" document (PDF) urges informing investors of risks in a timely fashion, including vulnerabilities that have not yet been targeted by hackers. The guidance also says executives should refrain from trading in the company's stock while in possession of nonpublic information about significant cybersecurity attacks.

The commission, which unanimously approved the updated guidance, believes the document will help "promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors," SEC Chairman Jon Clayton said in a statement.

The commission's guidance comes amid a surge in wide-reaching cybersecurity hacks and vulnerabilities, including one last year at Equifax in which cybercrooks stole a treasure trove of personal information from as many as 143 million people in the US. The credit-monitoring firm said it learned of the massive hack in July, but it waited until September -- more than a month -- to reveal it publicly.

Three days after the company discovered the breach, nearly $1.8 million in stock trades were made by Equifax executives, including the company's chief financial officer. The company has said the stock sales were pre-scheduled, but the US Justice Department has reportedly opened a criminal investigation into the trades.

Earlier this year, Intel CEO Brian Krzanich acknowledged selling hundreds of thousands of Intel shares in November, based on a plan filed in October, both months after the company learned of the vulnerabilities in its chips. But the stock sale was unrelated, Intel said.

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.