Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Cybersecurity: Government Reports

The law library curates this guide to cybersecurity resources in order to support legal researchers and practicing lawyers.

Congressional Research Service (CRS) Reports

"The Congressional Research Service (CRS) ... approaches complex topics from a variety of perspectives and examines all sides of an issue. Staff members analyze current policies and present the impact of proposed policy alternatives."

Search for CRS Reports on cybersecurity:

Examples of CRS Reports on cybersecurity:


Government Accountability Office (GAO) Reports

"GAO provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars."

Search for GAO Reports on cybersecurity:

Examples of GAO Reports on cybersecurity:

Data Breaches: Range of Consumer Risks Highlights Limitations of Identity Theft Services   

Securities and Exchange Commission (SEC) Reporting

"Companies should consider the materiality of cybersecurity risks and incidents when preparing the disclosure that is required in registration statements under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”), and periodic and current reports under the Exchange Act.

"When a company is required to file a disclosure document with the Commission, the requisite form generally refers to the disclosure requirements of Regulation S-K16 and Regulation S-X. 

"Although these disclosure requirements do not specifically refer to cybersecurity risks and incidents, a number of the requirements impose an obligation to disclose such risks and incidents depending on a company’s particular circumstances." -

Search for company reports with the SEC: