SEC

SEC 2025 Examination Priorities Indicate Sustained Focus on Cybersecurity & Data Protection

October 28, 2024 By Kate Hanniford and Kristen Bartolotta

The SEC has released its Examination Priorities: Fiscal Year 2025 (“Examination Priorities”), which may be a useful roadmap to SEC-registered investment advisers, exchanges, and other entities subject to routine examination by the SEC Division of Examinations (“EXAMS”). The Examination Priorities represent the EXAMS Staff’s identification of areas of heightened risks to investors and/or the integrity […]

SEC Corporation Finance Provides Additional Guidance on the Disclosure of Material Cybersecurity Incidents in Form 8-K

July 10, 2024 By Seol Namgoong, Sierra Shear, Cara Peterman and Kim Peretti

On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material” cybersecurity incidents in Item 1.05 of Form 8-Ks. The C&DIs present hypothetical fact patterns related to ransomware attacks and insurance reimbursement for damages […]

SEC Settlement Suggests the Agency’s Attempt to Regulate Cybersecurity Controls

July 2, 2024 By Cara Peterman, Kim Peretti, David Brown, Sierra Shear and Madeleine Juszynski Davidson

On June 18, 2024, the SEC announced a $2.125 million settlement with R.R. Donnelley & Sons Co. (“RRD”) related to the company’s 2021 ransomware attack (the “Incident”). The settlement, and the SEC’s accompanying cease-and-desist order (the “Order”), portend the agency’s continued and increasing oversight over registrants’ cybersecurity policies and practices. Background RRD is a global […]

SEC Corporation Finance Director Clarifies that Form 8-K Item 1.05 Disclosures Should be Limited to “Material” Cybersecurity Incidents

May 22, 2024 By Cara Peterman, Sierra Shear and Lance Taubin

On May 22, 2024, the Director of the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued further guidance regarding disclosure of cybersecurity incidents on Form 8-K. The statement builds upon and provides additional clarity to companies seeking to comply with the SEC’s 2023 cybersecurity rules, which require public […]

Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC

November 17, 2023 By Kim Peretti, Kate Hanniford, Alysa Austin and Lance Taubin

Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own hands. On November 15, 2023, the ransomware group known as BlackCat (also known as “AlphV”) posted a notice on its leak site alleging […]