The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
Public companies are now required to comply with new cybersecurity disclosure requirements in their Annual Reports on Form 10-K for fiscal years ending on or after December 15, 2023. In preparing this cybersecurity...more
The Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the “Cybersecurity Rules”), which the Securities and Exchange Commission (SEC) had adopted earlier this year,...more
Earlier this week, the SEC accused SolarWinds Corporation (“SolarWinds” or the “Company”) and its Chief Information Security Officer (“CISO”) of committing scienter-based securities fraud, among other violations, for...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
The SEC, by a 3-2 vote, has adopted new rules requiring companies to provide: ..current disclosure on Form 8-K within four business days of determining that a material cybersecurity incident has occurred; and ...more