The U.S. Department of Defense (DoD) recently issued a memorandum signaling that defense contractors soon will be required to comply with new cybersecurity compliance requirements. The memorandum establishes...more
The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
10/31/2024
/ Chief Information Security Officer (CISO) ,
Civil Monetary Penalty ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Material Misrepresentation ,
Misleading Statements ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Software ,
SolarWinds
This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more
7/29/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Material Misrepresentation ,
Misleading Statements ,
Publicly-Traded Companies ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
SolarWinds
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
7/24/2024
/ Audits ,
Chief Information Security Officer (CISO) ,
Corporate Counsel ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Enforcement Authority ,
Form 8-K ,
Hackers ,
Internal Controls ,
Material Misstatements ,
Materiality ,
Motion to Dismiss ,
NIST ,
Popular ,
Sarbanes-Oxley ,
Securities and Exchange Commission (SEC) ,
Software Developers ,
SolarWinds
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
7/9/2024
/ Accounting Controls ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Incident Response Plans ,
Internal Controls ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
7/8/2024
/ Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Foreign Private Issuers ,
Form 8-K ,
Materiality ,
Misrepresentation ,
Professional Liability ,
Publicly-Traded Companies ,
Puffery ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
SolarWinds
As courts have recognized, "[t]he fact that a company has suffered a security breach does not demonstrate that the company did not place significant emphasis on maintaining a high level of security."1 Nevertheless, companies...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
5/23/2024
/ Compliance ,
Compliance Dates ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Materiality ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Maritime trade is essential to America's economic viability and national security interests. The U.S. Marine Transportation System (MTS) – comprising an intricate system of ports, terminals, vessels, waterways and...more
3/21/2024
/ Biden Administration ,
Coast Guard ,
Cyber Espionage ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Espionage ,
Executive Orders ,
Maritime Transport ,
Ports ,
Risk Mitigation ,
Vessels
The new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (Final Rules) adopted by the U.S. Securities and Exchange Commission (SEC) were published in the Federal Register on Aug. 4, 2023, and...more
8/21/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The long-awaited U.S. Securities and Exchange Commission (SEC) cybersecurity rules for public companies have finally arrived. On July 26, 2023, a divided SEC adopted new rules requiring each public company to, among other...more
7/31/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Third-Party Risk
The Biden Administration released its Fall 2022 regulatory agenda (Regulatory Agenda) on Jan. 4, 2023. In it, the administration outlined regulations aimed at cybersecurity requirements for government contractors, the...more
1/10/2023
/ Biden Administration ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Energy Sector ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
FERC ,
General Services Administration (GSA) ,
Investment Adviser ,
Maritime Transport ,
Popular ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC)
After years of debate, Congress has passed bipartisan legislation requiring owners and operators of critical infrastructure to report cyber incidents to the U.S. Department of Homeland Security (DHS) Cybersecurity and...more
Less than a month after the U.S. Securities and Exchange Commission (SEC) proposed substantial new cybersecurity requirements for investment advisers and registered investment companies, the commission unveiled a new slate of...more
Following U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler's recent speech directing the agency to expand cybersecurity requirements on regulated entities, the SEC on Feb. 9, 2022, voted to propose new...more
2/24/2022
/ Books & Records ,
Broker-Dealer ,
Cybersecurity ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Enforcement Actions ,
Investment Adviser ,
Investment Companies ,
Policies and Procedures ,
Popular ,
Proposed Rules ,
Regulatory Agenda ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler made remarks on Jan. 24, 2022, at Northwestern University Pritzker School of Law's Annual Securities Regulation Institute regarding the SEC's work to improve...more
1/31/2022
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Disclosure Requirements ,
Dispute Resolution ,
Enforcement Actions ,
Financial Services Industry ,
Gary Gensler ,
Investment Adviser ,
Policies and Procedures ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government agencies issued new cybersecurity guidance,...more
1/13/2022
/ Banking Sector ,
Biden Administration ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
FDIC ,
Federal Reserve ,
Financial Services Industry ,
FOIA ,
Gramm-Leach-Bliley Act ,
Internal Controls ,
New Regulations ,
Notice Requirements ,
NYDFS ,
OCC ,
Personally Identifiable Information ,
Popular ,
Regulatory Authority ,
Regulatory Standards ,
Risk Assessment ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
12/8/2021
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Interim Final Rules (IFR) ,
National Security ,
NIST ,
Popular ,
Qui Tam
Earlier this week, the U.S. Department of Justice (DOJ) announced the launch of its new Civil Cyber-Fraud Initiative — an effort designed to harness the department's knowledge in civil fraud enforcement, government...more
10/11/2021
/ Biden Administration ,
Certification Requirements ,
Corporate Counsel ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Justice (DOJ) ,
DFARS ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Fraud ,
Whistleblowers
Holland & Knight invites you to read our China Practice Newsletter, in which our authors discuss pertinent Sino-American topics.
HIGHLIGHTS:
- Non-Fungible Tokens and Intellectual Property Law: Key Considerations...more
9/2/2021
/ Commercial Leases ,
Controlled Foreign Corporations ,
Cryptocurrency ,
Cybersecurity ,
Digital Assets ,
Disclosure Requirements ,
Enforcement Actions ,
Foreign Investment ,
General Services Administration (GSA) ,
Intellectual Property Protection ,
Irrevocable Trusts ,
National Security ,
Non-Fungible Tokens (NFTs) ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Tax Planning
The Transportation Security Administration (TSA) on July 20, 2021, reversed two decades of pipeline cybersecurity policies. Having previously advocated for voluntary pipeline cybersecurity standards, the TSA quickly issued...more
8/13/2021
/ Administrative Procedure Act ,
Compliance ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
FERC ,
NERC ,
New Rules ,
Pipelines ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Transportation Industry ,
TSA
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
6/23/2021
/ Cease and Desist Orders ,
Civil Monetary Penalty ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Internal Controls ,
NYDFS ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Security Risk Assessments ,
Sensitive Personal Information