Defining Issues | February 2018


SEC issues guidance on cyber security disclosures

KPMG reports on the SEC’s guidance on cyber security disclosures. This updates the SEC’s 2011 guidance, but does not add new rules or regulations.


SEC Release Nos. 33-10459; 34-82746

  • SEC registrants, except registered investment companies, registered investment advisers, brokers, dealers and self-regulatory organizations

Relevant dates

  • Effective immediately

Key impacts

The guidance includes the following key topics:

  • Required disclosure of material information
  • Timeliness of disclosures
  • Disclosure controls and procedures
  • Risk factors
  • MD&A
  • Description of business
  • Legal proceedings 
  • Financial statement disclosures
  • Board risk oversight 
  • Insider trading 
  • Selective disclosure

Report contents

  • Applicability
  • Key facts and impacts
  • Key topics
  • KPMG observation

Related content

  • The information in this Defining Issues builds on our previously released guidance – read more here.



Subscribe to our newsletter

Receive timely updates on accounting and financial reporting topics from KPMG.