On Feb. 22, 2018, the Securities and Exchange Commission (SEC) issued its first interpretive guidance since October 2011 on public companies’ cybersecurity risk and incident disclosure obligations. Although public companies are not subject to an express obligation to disclose data…
