As digital technology and operating online has become ever more important for American companies, the risk associated with deliberate cyber-attacks and unintentional cyber-incidents has caught the attention of regulators. On October, 13, 2011, the Securities and Exchange Commission provided guidance to public companies concerning their duty to disclose these risks under the securities laws.[1]