Megan Brown Discusses Disclosure Requirements for Banks Regarding Cyber Incidents

June 8, 2018

Megan L. Brown, a partner in Wiley Rein’s Privacy & Cybersecurity Practice, was quoted by American Banker in a June 7 article about banks’ obligations to disclose any cybersecurity incidents that could lead to financially material losses.  

The U.S. Securities and Exchange Commission (SEC) has indicated in recent guidance that banks and other publicly traded companies should quickly disclose cyberattacks to the public to protect investors from financial losses, according to the article.

Ms. Brown said it may be a challenge for banks to ascertain what should be disclosed based on the financially material rule, because while it is easy for a company to determine if a breach is material to its own finances, it is more difficult to determine if it would have a financial impact on investors.

“The question is, what would a shareholder claim in a lawsuit that is material for them in making an investment decision,” Ms. Brown said. “It’s fairly unclear from the SEC guidance” what a company should use to make that determination, she said.