The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
The U.S. Securities and Exchange Commission (SEC) is becoming one of the federal agencies at the forefront of driving transparency, cybersecurity awareness and cyber incident reporting. As we reported in last year’s...more
On October 22, 2024, the Securities and Exchange Commission (SEC) announced that it had charged four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions, with one company also...more
SEC Penalizes Director for Misleading D&O Questionnaire Response - The SEC recently brought an enforcement action against a director for causing violations of the proxy rules by failing to disclose a close personal...more
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
Continuing its controversial and aggressive approaches to cybersecurity, the U.S. Securities and Exchange Commission (SEC) recently charged four current and former public companies for purportedly “materially misleading...more
The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
On July 18, Judge Paul Engelmayer of the Southern District of New York issued a lengthy order dismissing the majority of the SEC’s enforcement case against SolarWinds Corporation (SolarWinds) and its CISO, Timothy Brown. The...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
As questions and commentary continue to arise with respect to the SEC’s rules on disclosure of material cybersecurity incidents, the SEC staff has sought to provide additional guidance on the application of the final...more
Last month, the Securities and Exchange Commission (SEC) reemphasized just how serious companies must be about maintaining a vigilant cybersecurity posture and procedures to report cyber incidents in a timely manner....more
On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a...more
A number of significant regulatory, legal, market, and ESG-related developments and issues will affect how public companies approach the upcoming year-end reporting process. As in past years, Mintz has prepared an in-depth...more
On October 30, 2023, the SEC filed charges against SolarWinds Corp. and its chief information security officer (CISO), alleging: ..Failures to disclose known cybersecurity vulnerabilities affecting the company’s “crown...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
In order to provide an overview for busy in-house counsel and compliance professionals, we summarize below some of the most important SEC enforcement developments from the past month, with links to primary resources. This...more
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
The Securities and Exchange Commission is gaining traction in the enforcement of cybersecurity and disclosure requirements. The SEC has a lot on its plate these days – ESG, cybersecurity, and the traditional mix of...more
The SEC announced a settled enforcement action concerning First American Financial Corporation’s violations of disclosure controls and procedures. The violations related to disclosures made in connection with a cybersecurity...more