As companies begin submitting their regulatory filings and financial reports from 2011, the SEC is pushing for more comprehensive data breach, cyber attack, and general risk-assessment disclosures. The SEC Division of Corporate Finance published a cybersecurity guidance document in October. While the document does not constitute a concrete rule or regulation, it compels companies to more accurately and honestly disclose potential and realistic risks to possible investors, particularly if they represent significant factors that make an investment in a given company speculative or risky. The guidance reiterates that companies need not disclose information that puts them at further risk of compromise, but rather that allows investors to appreciate the nature of such risks before investing.
Source: https://threatpost.com/new-sec-guidance-may-impact-corporate-disclosure-011012/76081/