With the 2023 annual report season upon us, it is time for companies to take stock of risk factors for 10-Ks and 20-Fs, and consider whether recent economic, political, technological, and regulatory developments have had (or are expected to have) a material impact on their business, financial condition and operating results.1 As a starting point, this alert features (i) a list of key developments that US public companies should consider as they update risk factors in Part I and (ii) critical drafting considerations in Part II. Each company will, of course, need to assess its own material risks and tailor its risk factor disclosure to its particular circumstances.
Part I: Key Developments to Consider when Updating 2023 Annual Report Risk Factor Disclosures
1. Cybersecurity
Cybersecurity incidents, data misuse, and ransomware attacks continue to proliferate and become more sophisticated, and in July 2023, the SEC adopted mandatory cybersecurity disclosure rules that require a new section of annual reports (in Part I, Item IC of Form 10-Ks and Item 16K of Form 20-Fs) to disclose information regarding their cybersecurity risk management, strategy, and governance.2 As Director of the Division of Corporation Finance Erik Gerding noted, "cybersecurity risks have increased alongside the ever-increasing share of economic activity that depends on electronic systems, the growth of remote work, the ability of criminals to monetize cybersecurity incidents, the use of digital payments, and the increasing reliance on third party service providers for information technology services, including cloud computing technology." Further, the cost to companies and their investors of cybersecurity incidents is rising at an increasing rate.
Although the SEC’s new cybersecurity rules do not directly impact ri ..
Support the originator by clicking the read the rest link below.
