It’s a material world—why the SEC’s Yahoo! penalty really matters

Determining whether to notify when struck by a cyberattack can be a complex undertaking, but the SEC’s recent $35 million penalty levied on Yahoo! Inc. for untimely disclosure of its breach raises the stakes for corporations. The need for a proactive, well-thought-out regulatory notification strategy, and an awareness of the dangers of default non-disclosure positions, has never been greater.

  • SEC guidance requires that organizations “take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion.”
  • There is no bright-line rule delineating what constitutes materiality, putting the premium on sound judgment and well-designed policies.
  • Organizations can help themselves by being able to “show their math” as to how decisions to disclose or not disclose were made.