The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
10/31/2024
/ Chief Information Security Officer (CISO) ,
Civil Monetary Penalty ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Material Misrepresentation ,
Misleading Statements ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Software ,
SolarWinds
This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more
7/29/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Material Misrepresentation ,
Misleading Statements ,
Publicly-Traded Companies ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
SolarWinds
The new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (Final Rules) adopted by the U.S. Securities and Exchange Commission (SEC) were published in the Federal Register on Aug. 4, 2023, and...more
8/21/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
After years of debate, Congress has passed bipartisan legislation requiring owners and operators of critical infrastructure to report cyber incidents to the U.S. Department of Homeland Security (DHS) Cybersecurity and...more
Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government agencies issued new cybersecurity guidance,...more
1/13/2022
/ Banking Sector ,
Biden Administration ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
FDIC ,
Federal Reserve ,
Financial Services Industry ,
FOIA ,
Gramm-Leach-Blilely Act ,
Internal Controls ,
New Regulations ,
Notice Requirements ,
NYDFS ,
OCC ,
Personally Identifiable Information ,
Popular ,
Regulatory Authority ,
Regulatory Standards ,
Risk Assessment ,
Risk Mitigation ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
The Transportation Security Administration (TSA) on July 20, 2021, reversed two decades of pipeline cybersecurity policies. Having previously advocated for voluntary pipeline cybersecurity standards, the TSA quickly issued...more
8/13/2021
/ Administrative Procedure Act ,
Compliance ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
FERC ,
NERC ,
New Rules ,
Pipelines ,
Ransomware ,
Risk Assessment ,
Risk Mitigation ,
Transportation Industry ,
TSA
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
6/23/2021
/ Cease and Desist Orders ,
Civil Monetary Penalty ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
Internal Controls ,
NYDFS ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Security Risk Assessments ,
Sensitive Personal Information