Tag archives: SEC

ICYMI –December in privacy and cybersecurity

By David Kessler (US) and Susan Ross (US) on January 4, 2024 Posted in Privacy law

December tends to be a busy time for everyone, so you may have missed a privacy update or two. We have set out some updates in the form of questions, with links in the answers where you can find more information. (For those making this quiz a competitive event, we have included a tie-breaker/bonus question.) … Continue reading

US SEC issues final rule on cybersecurity disclosures

By Susan Ross (US) on July 27, 2023 Posted in Cybersecurity

On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the “SEC Final Rule”). The SEC Final Rule reflects the SEC’s desire to standardize company disclosures … Continue reading

Proposed cybersecurity rules for SEC registered advisers and funds

By Will Daugherty (US) and Kate Nelson (US) on March 4, 2022 Posted in Cybersecurity

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”). Overall, the proposal addresses the following rule amendments and additions: 1. Cybersecurity Policies and Procedures Under the … Continue reading

US SEC announces three actions charging firms for cybersecurity deficiencies

By Kevin J. Harnisch (US), Chris Cwalina (US), Will Daugherty (US), Ashley Zatloukal (US) and Matthew Niss (US) on September 15, 2021 Posted in Cybersecurity, Enforcement

The SEC announced enforcement actions against three sets of advisers for alleged failures in cybersecurity policies that violate the Safeguards Rule.… Continue reading

Cybersecurity and the SEC

By Susan Ross (US) and Alexis Wilpon (US) on October 31, 2018 Posted in Compliance and risk management, Cybercrime

Data Protection Report - Norton Rose Fulbright

The U.S. Securities and Exchange Commission (“SEC”) may not be the first agency that comes to mind with respect to cybersecurity, but the SEC has been in the headlines recently with respect to cyber fraud in particular. Earlier this month, the SEC promulgated a report urging companies to take preventive measures against cyber fraud.… Continue reading

“But the emails” – companies’ SEC filings reflect ransomware risks

By Anna Rudawski (US) on September 11, 2017 Posted in Compliance and risk management, Data breach

The Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

By on February 12, 2015 Posted in Compliance and risk management, Regulatory response

Last week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading