U.S. Securities and Exchange Commission building in Washington. (Photo by Diego M. Radzinschi/THE NATIONAL LAW JOURNAL)
It’s the call that every general counsel dreads: “We’ve been hacked.” In the face of an increasing threat, cybersecurity preparedness and incident response have become top priorities for corporate boards and general counsel. Smart companies have prepared by implementing comprehensive written information security plans (to minimize the potential for a cyber incident) and incident response plans that are regularly exercised and updated in order to facilitate crisis management and decision-making in the hours, days and weeks once an incident occurs. This article focuses on how to comply with potential reporting and other disclosure obligations.