The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
10/31/2024
/ Chief Information Security Officer (CISO) ,
Civil Monetary Penalty ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Material Misrepresentation ,
Misleading Statements ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Software ,
SolarWinds
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
7/24/2024
/ Audits ,
Chief Information Security Officer (CISO) ,
Corporate Counsel ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Enforcement Authority ,
Form 8-K ,
Hackers ,
Internal Controls ,
Material Misstatements ,
Materiality ,
Motion to Dismiss ,
NIST ,
Popular ,
Sarbanes-Oxley ,
Securities and Exchange Commission (SEC) ,
Software Developers ,
SolarWinds
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
7/9/2024
/ Accounting Controls ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Incident Response Plans ,
Internal Controls ,
Personally Identifiable Information ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
7/8/2024
/ Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Foreign Private Issuers ,
Form 8-K ,
Materiality ,
Misrepresentation ,
Professional Liability ,
Publicly-Traded Companies ,
Puffery ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
SolarWinds
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
5/23/2024
/ Compliance ,
Compliance Dates ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Materiality ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (Final Rules) adopted by the U.S. Securities and Exchange Commission (SEC) were published in the Federal Register on Aug. 4, 2023, and...more
8/21/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The long-awaited U.S. Securities and Exchange Commission (SEC) cybersecurity rules for public companies have finally arrived. On July 26, 2023, a divided SEC adopted new rules requiring each public company to, among other...more
7/31/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Third-Party Risk
Less than a month after the U.S. Securities and Exchange Commission (SEC) proposed substantial new cybersecurity requirements for investment advisers and registered investment companies, the commission unveiled a new slate of...more
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
6/23/2021
/ Cease and Desist Orders ,
Civil Monetary Penalty ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Internal Controls ,
NYDFS ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Security Risk Assessments ,
Sensitive Personal Information