What is non-GAAP?
The SEC, investment banks and other stakeholders are increasingly focused on cybersecurity in IPO companies given the potential financial, legal and reputational risks....more
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
This guide discusses important themes and trends for the coming annual reporting season. It also includes a “housekeeping checklist” designed to assist you as you prepare your annual report. ANNUAL CYBERSECURITY...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides...more
Public companies are now required to comply with new cybersecurity disclosure requirements in their Annual Reports on Form 10-K for fiscal years ending on or after December 15, 2023. In preparing this cybersecurity...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
Cyber incidents are among the fastest-growing existential threats to publicly traded companies. More than a technical headache, breaches can materially impact your bottom line—and the mere news of an incident can send stocks...more
As annual reporting season begins, it is important to take a fresh look at the company’s governance and incident response processes and develop risk-informed and compliant disclosures. While many companies are understandably...more
On December 14, 2023, Erik Gerding, Director, Division of Corporation Finance at the Securities and Exchange Commission (“SEC”) gave a speech on the SEC’s final rules (the “Final Rule(s)”) regarding cybersecurity risk...more
On July 26, 2023, the SEC adopted new cybersecurity rules, which have two top-line impacts. First, registrants must disclose material cybersecurity incidents promptly on Form 8-K. Second, registrants must disclose new...more
Canadian issuers that are reporting issuers with the Securities and Exchange Commission should be aware of new rules that impose disclosure requirements regarding cybersecurity risk management, strategy, governance and...more
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents....more
On July 26, 2023, the Securities and Exchange Commission adopted new rules imposing disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules, which became effective...more
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...more
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted rules requiring public companies to promptly disclose material cybersecurity breaches on Form 8-K and detailed information regarding their...more
The SEC adopted new rules for public companies regarding disclosure of information relating to cybersecurity risk management, strategy, governance, and material incidents. Companies will now be required to disclose...more
In the August edition of our Public Company Watch, we cover key issues impacting public companies, including the SEC’s enhanced disclosure requirements regarding cybersecurity risk management, strategy, governance and...more
The new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (Final Rules) adopted by the U.S. Securities and Exchange Commission (SEC) were published in the Federal Register on Aug. 4, 2023, and...more
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
SEC Cybersecurity Rule Fact Sheet What Is the New Rule? In late July 2023, the SEC adopted new rules that will require publicly traded companies to: disclose cybersecurity incidents within four business days of determining...more
Following up on our previous report from almost a year ago, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) has adopted final rules intended to enhance and standardize disclosures regarding...more
The Securities and Exchange Commission (the “SEC”) issued a final rule on July 26, 2023 that will require public companies to disclose material cybersecurity incidents on Form 8-K within four business days of discovery. In...more
Companies will soon face new reporting requirements with respect to cybersecurity incidents and governance after the US Securities and Exchange Commission (SEC) adopted final rules on 26 July 2023. The final rules supplement...more