The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
Last Friday, July 12, 2024, it was widely reported that AT&T experienced another catastrophic cyber-attack. This material cyber incident affected over 100 million of its wireless customers according to AT&T’s 8-K Filing with...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
On May 21, 2024, Erik Gerding, the director of the Division of Corporation Finance of the Securities and Exchange Commission (SEC), released a statement containing guidance for public companies regarding the disclosure of...more
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a...more
Securities and Exchange Commission (SEC) rules regarding cyber incident reporting and cybersecurity risk management, strategy, and governance, officially went into effect this week for most public companies....more
For most filers, the U.S. Securities and Exchange Commission’s (SEC) new Form 8-K rules for reporting material cybersecurity incidents took effect yesterday, December 18, 2023. The rule has been controversial and created some...more
The requirement to disclose material cybersecurity events under new Item 1.05 of Form 8-K takes effect today (other than for smaller reporting companies, for which the new requirement will take effect on June 15, 2024)....more
On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and...more
In an unintended consequence of the Securities and Exchange Commission's (SEC) unprecedented rulemaking agenda, a black-hat hacker gang has filed a whistleblower complaint against its victim for not reporting a cybersecurity...more
On July 26, 2023, the SEC adopted new cybersecurity rules, which have two top-line impacts. First, registrants must disclose material cybersecurity incidents promptly on Form 8-K. Second, registrants must disclose new...more
The SEC has now finalized its much anticipated rules for public companies’ cybersecurity disclosures. The final rules, published this month, require disclosure of certain cybersecurity incidents much sooner than under many...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted its long-anticipated cybersecurity reporting rule (the “Final Rule”). The Final Rule applies to public companies subject to the reporting requirements...more
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies. The rules, which will become effective thirty days after publication in...more
The Securities and Exchange Commission (“SEC”) has admonished companies to report material cybersecurity incidents in their public filings since 2011, but this week the SEC announced a new rule actually requiring disclosure...more
At an open meeting this morning, the Securities and Exchange Commission voted (with dissenters—see, for example, Commissioner Peirce’s statements) to adopt amendments aimed at enhancing and standardizing disclosures related...more
The U.S. Securities and Exchange Commission (“SEC” or “Commission”) has published proposed rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident...more
The Securities and Exchange Commission is quickly raising the stakes for global companies. Along with these new regulatory requirements, the risk of enforcement multiply, especially when it comes to corporate disclosure...more
The Securities and Exchange Commission is busy. The new Chairman Gary Gensler hit the ground running and is pushing an active agenda of policy issues and enforcement. Along with this push, the SEC’s new enforcement director,...more
Corporate risk and compliance officers already labor under an influx of concerns related to cybersecurity, so you might have missed this latest news: the U.S. Securities and Exchange Commission has proposed new rules for more...more
THE SEC’S RULE PROPOSALS AIM TO ASSIST INVESTORS - On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules “to enhance and standardize disclosures regarding cybersecurity risk management,...more