The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
The securities law disclosure framework has evolved to encourage; companies acting in good faith to disseminate relevant projections pertaining to their businesses to the general public "without fear of open-ended liability."...more
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin) added to its Compliance and Disclosure Interpretations (C&DI) related to disclosure of Material Cybersecurity...more
As questions and commentary continue to arise with respect to the SEC’s rules on disclosure of material cybersecurity incidents, the SEC staff has sought to provide additional guidance on the application of the final...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
We previously noted in our March 31, 2022 alert that the U.S. Securities and Exchange Commission (SEC or Commission) held an open meeting on March 30, 2022 to consider proposed rules and amendments regarding special purpose...more
The Staff of the Division of Corporation Finance at the Securities and Exchange Commission (SEC) has recently begun issuing comment letters in the life sciences reverse merger (RM) context that involve a broadened...more
On 18 December 2023, the new rules of the US Securities and Exchange Commission (SEC) regarding disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K went into effect, requiring companies to report a...more
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
On July 26, 2023, the Securities and Exchange Commission adopted new rules imposing disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules, which became effective...more
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...more
In late July 2023, the Securities and Exchange Commission (“SEC”) adopted new rules requiring public companies to disclose cybersecurity incidents and cybersecurity governance policies and practice. The SEC largely adopted...more
The SEC adopted new rules for public companies regarding disclosure of information relating to cybersecurity risk management, strategy, governance, and material incidents. Companies will now be required to disclose...more
SEC Cybersecurity Rule Fact Sheet What Is the New Rule? In late July 2023, the SEC adopted new rules that will require publicly traded companies to: disclose cybersecurity incidents within four business days of determining...more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
The SEC, by a 3-2 vote, has adopted new rules requiring companies to provide: ..current disclosure on Form 8-K within four business days of determining that a material cybersecurity incident has occurred; and ...more
On July 26, 2023, the US Securities and Exchange Commission (SEC) released final rules requiring disclosure by public companies of material cybersecurity incidents and policies and procedures related to cybersecurity risk...more
In a narrow 3-2 decision on July 26, the SEC adopted its final rule concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”). Below we highlight some of the principal changes...more
On July 26, 2023, the SEC adopted new rules to enhance and standardize disclosures pertaining to cybersecurity risk management, strategy, governance, and material cybersecurity incidents. The SEC's decision to introduce...more
As a significant step in its ongoing initiatives on the disclosure, management, and oversight of cybersecurity risks and incidents, on July 26, 2023, the US Securities and Exchange Commission (SEC or Commission) adopted rules...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted final rules, rule amendments and form amendments to expand and standardize disclosures regarding cybersecurity risk management, strategy, governance,...more
A divided SEC on July 26, 2023 approved new requirements for reporting of material cybersecurity incidents in real-time current reports on Form 8-K or 6-K and disclosure of cybersecurity risk management, strategy and...more