The US Securities and Exchange Commission (SEC) released a statement yesterday, warning high-ranking executives not to trade stocks before the disclosing breaches, major vulnerabilities, and other cybersecurity related incidents.

The SEC says the new guidance —available as a PDF, here— is not a new rule for companies, but a clarification on what classifies as insiders information.

The SEC clarifies that information on security flaws and incidents is to be considered as insiders information and should not be used in making decisions to buy or sell securities (stock).

The SEC encourages companies to set up policies and procedures to prevent execs with knowledge of cybersecurity incidents from selling stock. Such policies usually take the form of contract clauses.

“Directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company,” the SEC guidance reads.

“There is no doubt that the cybersecurity landscape and the risks associated with it continue to evolve,” said SEC Chairman Jay Clayton. “I have asked the Division of Corporation Finance to continue to carefully monitor cybersecurity disclosures as part of their selective filing reviews.  We will continue to evaluate developments in this area and consider feedback about whether any further guidance or rules are needed.”

SEC intervenes after Equifax and Intel shenanigans

This SEC official warning comes after two highly-mediatized cases where high-ranking execs sold…