The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
Drawing on insights from our interactions with audit committees and business leaders, the KPMG Board Leadership Center highlights nine issues for the audit committee to consider for the year ahead....more
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
Form 8-K requires public companies to make prompt disclosures about a large number of specified events. Although Form 8-K does not mandate current reporting of all material events, it goes a long way toward requiring public...more
SEC Penalizes Director for Misleading D&O Questionnaire Response - The SEC recently brought an enforcement action against a director for causing violations of the proxy rules by failing to disclose a close personal...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
On September 26, 2024, the SEC announced that it had settled charges with DraftKings Inc. for selective disclosure of material non-public information on the CEO’s personal X (formerly Twitter) and LinkedIn accounts in...more
The securities law disclosure framework has evolved to encourage; companies acting in good faith to disseminate relevant projections pertaining to their businesses to the general public "without fear of open-ended liability."...more
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin) added to its Compliance and Disclosure Interpretations (C&DI) related to disclosure of Material Cybersecurity...more
As questions and commentary continue to arise with respect to the SEC’s rules on disclosure of material cybersecurity incidents, the SEC staff has sought to provide additional guidance on the application of the final...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
We previously noted in our March 31, 2022 alert that the U.S. Securities and Exchange Commission (SEC or Commission) held an open meeting on March 30, 2022 to consider proposed rules and amendments regarding special purpose...more
The Staff of the Division of Corporation Finance at the Securities and Exchange Commission (SEC) has recently begun issuing comment letters in the life sciences reverse merger (RM) context that involve a broadened...more
On 18 December 2023, the new rules of the US Securities and Exchange Commission (SEC) regarding disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K went into effect, requiring companies to report a...more
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
On July 26, 2023, the Securities and Exchange Commission adopted new rules imposing disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules, which became effective...more
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...more
In late July 2023, the Securities and Exchange Commission (“SEC”) adopted new rules requiring public companies to disclose cybersecurity incidents and cybersecurity governance policies and practice. The SEC largely adopted...more
The SEC adopted new rules for public companies regarding disclosure of information relating to cybersecurity risk management, strategy, governance, and material incidents. Companies will now be required to disclose...more
SEC Cybersecurity Rule Fact Sheet What Is the New Rule? In late July 2023, the SEC adopted new rules that will require publicly traded companies to: disclose cybersecurity incidents within four business days of determining...more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more