SEC’s 2011 directive asked companies to disclose material information regarding cybersecurity risks and cyber incidents. In Yahoo’s data breach case, Yahoo did not disclose when it first learnt about the data breach incident. US Senator Mark Warner asked the SEC to evaluate whether the current disclosure regime was adequate. Read More
