The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
On March 31, 2025, members of the U.S. House of Representatives Committee on Financial Services sent a letter to Mark Uyeda, Acting Chairman of the U.S. Securities and Exchange Commission. Seeking to “undo the damage from...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
In 2023, the U.S. Securities and Exchange Commission (“SEC”) issued its now-fully implemented Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. The Rule reflects the reality that cybersecurity...more
Recently, in advance of the effective date (December 18, 2023), the Director of the SEC’s Division of Corporation Finance provided additional guidance regarding the final rules relating to cybersecurity incident disclosure...more
Publicly traded companies have tangled with the question of when a cybersecurity incident should be disclosed to the public and investors. In a bid to add clarity to the topic, the U.S. Securities and Exchange Commission...more
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
Any time a regulation is put forth, there is always a level of uncertainty, especially regarding understanding the roles and responsibilities of key business leaders. The SEC’s new cybersecurity final rule means heightened...more
The Securities and Exchange Commission (“SEC”) adopted new rules requiring the disclosure of cybersecurity risk management, strategy, governance and material incidents (the “Rules”), effective September 5, 2023. The Rules...more
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...more
The new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (Final Rules) adopted by the U.S. Securities and Exchange Commission (SEC) were published in the Federal Register on Aug. 4, 2023, and...more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
Following up on our previous report from almost a year ago, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) has adopted final rules intended to enhance and standardize disclosures regarding...more
Public companies will soon be required to provide increased transparency about cybersecurity incidents, risk management, strategy and governance as a result of new rules adopted by the Securities and Exchange Commission (the...more
The U.S. Securities and Exchange Commission (SEC) adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents...more
On July 25, 2023, the US Securities and Exchange Commission (the SEC), by a 3-2 vote, adopted final rules regarding cybersecurity risk management, strategy, governance and incident reporting by public companies (the Final...more
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the...more
On July 26, 2023, the Securities and Exchange Commission ("SEC"), in a 3-2 vote, adopted rules that will require public companies to make prescribed cybersecurity disclosures.1 The rules are designed to elicit "consistent,...more
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) finalized new rules that mandate public companies to disclose material cybersecurity incidents and provide annual updates on their cybersecurity risk...more
On July 26, 2023, the US Securities and Exchange Commission (SEC) released final rules requiring disclosure by public companies of material cybersecurity incidents and policies and procedures related to cybersecurity risk...more
In Short - The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted amendments augmenting and standardizing required disclosures for public companies related to cybersecurity. The rules apply to all registrants, and...more
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules imposing significant new disclosure requirements regarding cybersecurity risk management, strategy and governance and incident reporting by public...more
On July 26, the U.S. Securities and Exchange Commission adopted rules to enhance and standardize public company disclosure of cybersecurity incidents, risk management, strategy and governance. In particular, the rules,...more
On July 26, the Securities and Exchange Commission (SEC), by a 3-2 vote, adopted final rules intended to enhance public companies’ disclosures regarding (1) cybersecurity incidents through a new required current report item...more