The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
The securities law disclosure framework has evolved to encourage; companies acting in good faith to disseminate relevant projections pertaining to their businesses to the general public "without fear of open-ended liability."...more
On July 18, 2024, Judge Paul A. Engelmeyer of the U.S. District Court for the Southern District of New York issued a 107-page opinion dismissing most of the Securities and Exchange Commission’s (SEC) case against SolarWinds...more
Ongoing wars abroad, political division and election year uncertainty in the United States, along with continuing state, federal, and global regulatory discord on sustainability and artificial intelligence, among other...more
In the July edition of our Public Company Watch, we cover key issues impacting public companies, including the new Compliance and Disclosure Interpretations related to the cybersecurity disclosure rules and the recent SEC...more
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
On July 18, Judge Paul Engelmayer of the Southern District of New York issued a lengthy order dismissing the majority of the SEC’s enforcement case against SolarWinds Corporation (SolarWinds) and its CISO, Timothy Brown. The...more
On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. Despite RRD having discovered and...more
The Securities and Exchange Commission (the “SEC”) has issued five compliance and disclosure interpretations related to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K....more
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material”...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
In recent years, the Securities and Exchange Commission (SEC) has increased its scrutiny of disclosure in public filings, as evidenced by an increase in the number of comments issued to public reporting companies. This trend...more
The SEC’s Director of Corporation Finance, Erik Gerding, recently issued two statements regarding a public company’s disclosure obligations in response to a cybersecurity incident. These remarks follow the adoption of the...more
On June 24, 2024, the SEC released five new CDIs on Material Cybersecurity Incidents. Please see a high-level summary below...more
On June 24, 2024, the SEC’s Division of Corporation Finance published five additional interpretations (CDIs) addressing the effect of ransomware payments on the obligation of companies to report material cybersecurity...more
The SEC’s Division of Corporation Finance yesterday published five new Compliance and Disclosure Interpretations, or “C&DIs,” all concerning Item 1.05 of Exchange Act Form 8-K, Disclosure of Cybersecurity Incidents....more
Erik Gerding, Director, SEC Division of Corporation Finance, issued a statement to clear up misconceptions following filing of an 8-K disclosing a cybersecurity incident....more
Last month, the Securities and Exchange Commission (SEC) reemphasized just how serious companies must be about maintaining a vigilant cybersecurity posture and procedures to report cyber incidents in a timely manner....more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
In the June edition of our Public Company Watch, we cover key issues impacting public companies, including the recent SEC staff statement on cybersecurity disclosures in Form 8-K, structural defenses against shareholder...more
Recent Securities and Exchange Commission (SEC) enforcement action and statements by SEC officials show that the Commission remains focused on disclosures regarding cybersecurity incidents. On May 21, 2024, Erik Gerding,...more
On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
Last week, Erik Gerding, Director of the SEC’s Division of Corporation Finance (the Division), issued a statement providing clarification regarding the disclosure of cybersecurity incidents by reporting companies. This...more
On May 21, 2024, the director of the SEC’s Division of Corporation Finance, Erik Gerding, issued a statement regarding the new requirement to disclose material cybersecurity incidents on Form 8-K. The SEC’s latest...more