KPM

Cybersecurity Matters

Investors, lenders, and other stakeholders have been vocal in recent years about pushing companies to provide more information in their financial reports about cybersecurity. Could your company do a better job disclosing cyberrisks and recent hacks?

Most public companies could do better, according to recent testimony during congressional hearings by Jay Clayton, Chairman of the Securities and Exchange Commission (SEC). Here are ways his agency is attempting to ‘refresh’ the disclosure guidance.

Updating the guidance

The SEC does not expect to overhaul its Disclosure Guidance: Topic No. 2, Cybersecurity. Rather, it plans to consider whether important information about cybersecurity should be disclosed to stakeholders within the context of the existing rules. For example, companies may need to increase their management’s discussion and analysis and footnote disclosures to reflect potential cyberrisks and material financial implications of data breaches.

The current guidance on cybersecurity, which was published in 2011, does not include a specific requirement for companies to disclose computer system intrusions. The SEC’s effort to update the guidance comes amid concerns that more public companies have been experiencing attacks on their computer systems, but their disclosures have not been timely or informative enough.

Changes in the works

Regulators at the SEC do not know whether the update will be issued in the form of staff-level guidance or a regulatory release approved by the SEC’s commissioners, but they have decided to address two key areas in the update:

  • Financial reporting controls and procedures that identify and disclose cybersecurity threats in a timely manner
  • Corporate strategies and policies regarding cybersecurity prevention, detection, and breach response

Many companies welcome additional guidance from the SEC because it can be difficult to determine the appropriate time to disclose a hack into their systems.

On one hand, companies feel a responsibility to share relevant information openly and honestly with stakeholders. On the other, they do not want to disclose information about a breach before they know the extent of the damage, or to release inaccurate information that later needs to be revised. Company insiders also may be working with law enforcement, in which case they do not want to disclose information that could compromise the investigation.

Team approach

Regardless of whether your business is public or private, it is important to assemble a team of professional advisors — including legal, insurance, and financial experts — to identify risk factors and to handle breach response, measure the impact, and mitigate potential losses. We can help you provide transparent and timely information to your stakeholders.
