SEC Says Execs Shouldn’t Trade While Companies Investigate Cyberattacks & Data Breaches
After the massive Equifax data breach, the US Securities and Exchange Commission (SEC) has finally updated its guidance, warning executives not to trade stocks during major cybersecurity investigations. The announcement comes after months of rumors and doubts surrounding Equifax executives who sold shares worth almost $1.8 million after the company had discovered the data breach, but hadn’t publicly disclosed it yet.
With the industry trying to recover from last year’s breaches and executives somehow still managing to leave with their golden parachutes after putting the privacy of millions of users at risk, the Commission is finally setting up some new rules to avoid any future insider trading accusations that arise out of security breach disclosures. The new guidance serves as a clarification on what it classifies as insider trading.
“Directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company,” the new SEC guidance reads (PDF).
Public companies should have policies and procedures in place to (1) guard against directors, officers, and other corporate insiders taking advantage of the period between the company’s discovery of a cybersecurity incident and public disclosure of the incident to trade on material nonpublic information about the incident, and (2) help ensure that the company makes timely disclosure of any related material nonpublic information. In addition, we believe that companies are well served by considering the ramifications of directors, officers, and other corporate insiders trading in advance of disclosures regarding cyber incidents that prove to be material.
Equifax isn’t the only company that came under fire for executives selling their shares after they got to learn about cyberattacks. After the devastating Meltdown and Spectre flaws were disclosed to the public last month, Intel CEO Brian Krzanich’s preplanned stock sale also made it to the news headlines for insider trading allegations.
While the SEC has updated its guidance, not everyone believes the agency is doing enough. “I reluctantly support today’s guidance in the hope that it is just the first step toward defeating those who would use technology to threaten our economy,” SEC Commissioner Robert Jackson wrote. “The guidance essentially reiterates years-old staff-level views on this issue. But economists of all stripes agree that much more needs to be done.”