Capital Markets & Governance Insights – January 2025

Companies should not minimize the extent of a material cybersecurity incident by omitting material facts regarding the scope and potential impact of the incident. Cybersecurity risk factor disclosures should be tailored to a company’s particular cybersecurity risks and incidents, including by being updated to reflect material cybersecurity incidents as those increase a company’s cybersecurity risk profile.
Source: Capital Markets & Governance Insights – January 2025