The Securities and Exchange Commission is gaining traction in the enforcement of cybersecurity and disclosure requirements. The SEC has a lot on its plate these days – ESG, cybersecurity, and the traditional mix of...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
On February 16, the New York State Department of Financial Services (DFS) issued a cyber fraud alert, warning of a growing cybercriminal campaign to steal consumer, Nonpublic Information (NPI). The hacked data is being taken...more
Late this summer the New York Department of Financial Services (NYDFS) announced its first enforcement action since the cybersecurity rules went into effect in March 2017. The action was brought against First American Title...more
The New York State Department of Financial Services (“NYDFS”) has announced its first enforcement action of NYDFS’ Cybersecurity Regulation, Part 500 of Title 23 (“Cybersecurity Regulation”) against First American Title...more
As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an...more
Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. This risk comes in multiple forms, including the intruders trading on...more
On February 21, the Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents....more
Much has been written about the SEC’s interpretive guidance on cybersecurity disclosures, issued in late February, including Commissioner Stein’s statement that it under-delivers for investors, public companies, and the...more
The Commission's "new" cybersecurity guidance largely rehashes existing guidance, as is highlighted by objections from two commissioners. At most, the additional qualitative guidance is incremental. It reiterates the need to...more
Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred. • Comprehensive policies and procedures...more
The SEC's new guidance on public company cybersecurity disclosures and Chairman Clayton's accompanying statement emphasize the SEC's expectations that public companies: (i) implement comprehensive cybersecurity policies that...more
The U.S. Securities and Exchange Commission (SEC) updated guidance to public companies this week on how and when they are to disclose cybersecurity risks and breaches. The SEC suggests that public companies should disclose...more
On February 21, 2018, the U.S. Securities and Exchange Commission approved the release of Interpretive Guidance relating to public company disclosures of cybersecurity risks and incidents. ...more
The Securities Exchange Commission (“SEC”) has been busy the last couple months on the cyber front. On September 20, the SEC announced a renewed focus on cybersecurity efforts and disclosed that it had been a victim of a...more
On September 20, the Securities and Exchange Commission announced that its system for electronic filing for public company disclosures, EDGAR, was compromised last year and that hackers may have used exposed information for...more
SEC Chicago Regional Director David Glockner spoke at a PLI Conference in New York on June 6 regarding the SEC’s data security regulations and enforcement efforts. Mr. Glockner acknowledged frustration with the Division of...more