In The News

Why Making Companies Disclose Ransomware Payouts May Be a Good Idea


22 Jul 2021

Jina Choi spoke with Fortune about the rise of ransomware and how companies are publicly disclosing when they’ve been targeted or paid a ransom. 

U.S. Securities and Exchange Commission (SEC) regulators are looking at requiring the disclosure under the SEC’s rules related to environmental, social, and governance (ESG) matters. For the regulator, cybersecurity largely falls under the category of “social,” said Jina Choi, a former director of the SEC’s San Francisco office.

“Under the federal securities laws, for public companies, the legal standard regarding disclosure to its shareholders is materiality – and the SEC has set forth guidance regarding the costs, including reputational damage, that a company can incur if it is breached,” Jina said.

Read the full article



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.