Friday’s Supreme Court ruling “basically says that an omission in your S-K disclosures would be actionable only if it would have countered statements you did make. So, if you don’t feel like disclosing a risk, then also avoid making affirmative statements about things that the risk would compromise,” says Chris Cronin, a security consultant who serves as an expert witness for defense, plaintiffs, and regulators. “As a shareholder, I’m not happy about the now-clear instructions for hiding risks from your 10-K. The detail and comprehensiveness of appropriate cyber risk reporting was bound to be in contention without good examples and principles to guide filers. (The ruling) only hampers a portion of the cybersecurity rule that companies seem to be pretty bad at.”