Skip to main content
Home
Home

Corp Fin Clarifies That Companies Can Share Cyber Incident Information With Third-Parties Beyond 8-K Disclosure

Public Chatter

Corp Fin Clarifies That Companies Can Share Cyber Incident Information With Third-Parties Beyond 8-K Disclosure

Computer server room

Following on the heels of his statement last month clarifying that companies should not file Form 8-K under Item 1.05 in connection with a cybersecurity incident that they have determined isn't material or for which they have not yet made a materiality determination, Corp Fin Director Erik Gerding issued this statement last week clarifying that disclosure of material cybersecurity incidents on an Item 1.05 Form 8-K doesn't preclude companies from sharing information beyond that disclosed in the 8-K with others, including contractual counterparties.

Director Gerding notes that Regulation FD offers various alternatives for sharing this information without raising selective disclosure concerns, such as:

  • The information is not material
  • The recipient isn't one of the types of persons covered by Reg FD
  • There is an exclusion from Reg FD, such as the recipient has a duty of trust or confidence to the company (such as an attorney, investment banker, or accountant) or the person with whom the information is being shared expressly agrees to maintain the disclosed information in confidence (e.g., by entering into a confidentiality agreement with the company)

Print and share

Explore more in

Blog series

Public Chatter

Public Chatter provides practical guidance—and the latest developments—to those grappling with public company securities law and corporate governance issues, through content developed from an in-house perspective.   

Subscribe 🡢



Visit Public Chatter Resources for Guides, Quick Alerts and Programs

View the blog
Home
Jump back to top