On February 21, 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. Below is a summary outlining this new disclosure category which impacts all public companies, regardless of their size, and applies to all prospectuses and periodic reports filed with the SEC.
The SEC staff frequently comments during its review process about the lack of an established corporate governance structure, such as board member independence and board committee composition, by OTC quoted issuers, even if not required by SEC and national securities exchange rules.
Former SEC Chairman Harvey L. Pitt takes a guess that one day we may see five to six pages-long summary disclosure documents with hyperlinks to the detailed information of issuers in previously filed periodic reports.