The prevailing wisdom among chief information security officers and cybersecurity professionals has long been that effective cyber preparedness requires shielding threat actors’ visibility into the technical defenses and strategies employed to protect corporate computer systems from unauthorized third-party attacks.

In July, the U.S. Securities and Exchange Commission adopted cybersecurity risk management rules that flip this proverbial script, threatening substantial fines, shareholder lawsuits and the full spectrum of other penalties for regulated companies that do not comply with the newly required broad public disclosures.

In fact, a stated intent of the SEC in promulgating the new rules is transparency that promotes a culture of accountability and vigilance.

The regulatory hope is that this proactive approach will not only lead to better visibility in the public markets but require companies to be more diligent in their cyber preparedness.

Mandates that include disclosure of material cybersecurity incidents — and public descriptions of the processes for assessing, identifying and managing risks from cybersecurity threats — now force companies to show the world, including the threat actors, the specific know-how, processes and methodologies that historically have been most effective in protecting companies from cyber intruders only when kept secret.

This is a paradigmatic shift in the world of cybersecurity.

While the SEC cybersecurity rules have garnered substantial media coverage, little to no attention has been given to how compliance necessarily affects the protection of trade secrets.

This article seeks to start the conversation by highlighting some of the key considerations concerning the intersection of SEC reporting compliance and trade secret protections.

The end goal is to assist the industry with processes that strengthen, rather than compromise, corporations’ abilities to safeguard valuable confidential information.

To read the full article, go to LAW360