
The SEC’s Proposed Cyber 8-K Disclosure
On March 9, 2022, the SEC proposed rules mandating cybersecurity disclosure, including a new Item 1.05 for Form 8-K, which requires current reporting of cybersecurity incidents deemed by the registrant to be material.
In a 2018 article published in the Harvard Business Law Review, Columbia Law Professor Eric Talley and I identify trading patterns suggestive of informed trading prior to the disclosure of cybersecurity breaches. We argue that trading of this type raises complex and, in context, unique concerns over price discovery, liquidity, and efficient allocation of resources. Profits from such trading may increase hackers’ incentives to exploit security vulnerabilities, … Read more