The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The U.S. Securities and Exchange Commission (SEC) is becoming one of the federal agencies at the forefront of driving transparency, cybersecurity awareness and cyber incident reporting. As we reported in last year’s...more
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
The U.S. Securities and Exchange Commission's ("SEC") Division of Enforcement has recently brought a spate of enforcement actions relating to key topics for public companies. These include enforcement actions related to...more
This week, the Securities and Exchange Commission (SEC) charged four public companies for alleged deceptive cyber disclosures: Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited....more
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
On May 16, 2024, the SEC breathed new life into its decades-old Regulation S-P, which requires firms to adopt policies and procedures for the protection of customer information and records. The amended rule balloons the...more
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
Section 13(b)(2)(B) of the Securities Exchange Act of 1934 requires public companies to “devise and maintain a system of internal accounting controls.” In a recent opinion, a New York federal court rejected the Securities...more
The U.S. District Court for the Southern District of New York has dismissed many of the Securities and Exchange Commission’s (SEC’s) claims against software development company SolarWinds and its chief information security...more
The Securities and Exchange Commission (the “SEC”) has issued five compliance and disclosure interpretations related to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K....more
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material”...more
The SEC’s Director of Corporation Finance, Erik Gerding, recently issued two statements regarding a public company’s disclosure obligations in response to a cybersecurity incident. These remarks follow the adoption of the...more
On June 24, 2024, the SEC released five new CDIs on Material Cybersecurity Incidents. Please see a high-level summary below...more
The SEC’s Division of Corporation Finance yesterday published five new Compliance and Disclosure Interpretations, or “C&DIs,” all concerning Item 1.05 of Exchange Act Form 8-K, Disclosure of Cybersecurity Incidents....more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced that it had adopted final amendments to its Regulation S-P (the Rule or Amended Rule), which governs “covered financial institutions’” treatment of...more
On May 21, 2024, Erik Gerding, director of the Division of Corporation Finance of the U.S. Securities and Exchange Commission (SEC), issued a statement with clarifying guidance on cybersecurity incident disclosure under Item...more
The Director of the Division of Corporation Finance of the SEC issued a statement last week relating to the recent SEC cybersecurity disclosure rules that require public companies to disclose the occurrence of material...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
On May 21, 2024, Erik Gerding, the Director of the Division of Corporation Finance at the U.S. Securities and Exchange Commission (SEC), released a statement (statement) on the disclosure of cybersecurity incidents. This...more
In a statement yesterday, the Director of the SEC’s Division of Corporation Finance commented on the relatively new Form 8-K Item 1.05 requirement. Last summer when the SEC adopted the final rules relating to cybersecurity...more
Erik Gerding, Director, Division of Corporation Finance, released a statement on the preferred methods to disclose certain cybersecurity incidents. Mr. Gerding noted “The cybersecurity rules that the Commission adopted on...more
At this point, it is self-evident that companies are grappling with an ever-evolving (think: tougher) cyber risk terrain. However, two recent cases against companies and their Chief Information Security Officers (CISOs),...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
In 2023, the U.S. Securities and Exchange Commission (“SEC”) issued its now-fully implemented Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. The Rule reflects the reality that cybersecurity...more