The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
The SEC, investment banks and other stakeholders are increasingly focused on cybersecurity in IPO companies given the potential financial, legal and reputational risks....more
The primary development in executive compensation disclosure for the 2025 proxy season is new Item 402(x) under Regulation S-K, relating to the disclosure of stock option grant timing policies and practices. Companies with...more
As we bid farewell to 2024, we welcome not only another year but also several new disclosure requirements. In this Snapshot, we summarize several developments and best practices for public companies to consider as the 2024...more
The securities law disclosure framework has evolved to encourage; companies acting in good faith to disseminate relevant projections pertaining to their businesses to the general public "without fear of open-ended liability."...more
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
On July 26, 2023, the SEC adopted new cybersecurity rules, which have two top-line impacts. First, registrants must disclose material cybersecurity incidents promptly on Form 8-K. Second, registrants must disclose new...more
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
Public companies will soon be required to provide increased transparency about cybersecurity incidents, risk management, strategy and governance as a result of new rules adopted by the Securities and Exchange Commission (the...more
The U.S. Securities and Exchange Commission (SEC) adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents...more
On July 26, 2023, the Securities and Exchange Commission ("SEC"), in a 3-2 vote, adopted rules that will require public companies to make prescribed cybersecurity disclosures.1 The rules are designed to elicit "consistent,...more
In Short - The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted amendments augmenting and standardizing required disclosures for public companies related to cybersecurity. The rules apply to all registrants, and...more
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules imposing significant new disclosure requirements regarding cybersecurity risk management, strategy and governance and incident reporting by public...more
On July 26, the U.S. Securities and Exchange Commission adopted rules to enhance and standardize public company disclosure of cybersecurity incidents, risk management, strategy and governance. In particular, the rules,...more
On July 26, 2023, the SEC adopted new rules to enhance and standardize disclosures pertaining to cybersecurity risk management, strategy, governance, and material cybersecurity incidents. The SEC's decision to introduce...more
On July 26, the Securities and Exchange Commission (SEC), by a 3-2 vote, adopted final rules intended to enhance public companies’ disclosures regarding (1) cybersecurity incidents through a new required current report item...more
As a significant step in its ongoing initiatives on the disclosure, management, and oversight of cybersecurity risks and incidents, on July 26, 2023, the US Securities and Exchange Commission (SEC or Commission) adopted rules...more
The long-awaited U.S. Securities and Exchange Commission (SEC) cybersecurity rules for public companies have finally arrived. On July 26, 2023, a divided SEC adopted new rules requiring each public company to, among other...more
At an open meeting this morning, the Securities and Exchange Commission voted (with dissenters—see, for example, Commissioner Peirce’s statements) to adopt amendments aimed at enhancing and standardizing disclosures related...more
THE SEC’S RULE PROPOSALS AIM TO ASSIST INVESTORS - On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules “to enhance and standardize disclosures regarding cybersecurity risk management,...more
Our Securities, Securities Litigation, and Privacy, Cyber & Data Strategy teams highlight the key aspects of the Securities and Exchange Commission’s latest sweeping changes to its cybersecurity reporting rules for public...more
As part of the SEC's broader rulemaking initiative, on March 9, 2022, the SEC proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
Less than a month after the U.S. Securities and Exchange Commission (SEC) proposed substantial new cybersecurity requirements for investment advisers and registered investment companies, the commission unveiled a new slate of...more
Key Points - Proposed amendments bolster cyber disclosure and incident reporting requirements to better inform investors about a company’s risk management, strategy and governance relative to cyber issues. ...more