For the first time in 30 years, the SEC has updated its risk factor disclosure guidance under Regulation S-K (Reg S-K).
One of the foundational updates replaces the requirement for issuers to disclose the “most significant” risk factors with “material” risk factors. That’s a significant shift in the SEC’s principles-based approach to risk factor disclosure that has implications for cybersecurity-focused risk factors and their disclosure.
Registrants should begin reviewing their risk factor disclosure now to prepare for the final rules going into effect for the 4th quarter 2020 Form 10-Q filing and the fiscal year 2020 10-K annual filing.
This DDN Insight is Part 1 of a series focused on what CIOs and CISOs need to understand about cybersecurity risk factor disclosures relative to this change and other trends. But first, some background.