Tag archives: SEC

SEC statement clarifies material cybersecurity incident disclosure requirement

SEC final rule on reporting material cybersecurity incidents In July 2023, the US Securities and Exchange Commission (SEC) finalized its rule requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Though materiality is not a new concept in SEC regulations, in the context of cybersecurity incidents, materiality assessments and disclosure … Continue reading

US SEC issues final rule on cybersecurity disclosures

On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the “SEC Final Rule”).  The SEC Final Rule reflects the SEC’s desire to standardize company disclosures … Continue reading

Proposed cybersecurity rules for SEC registered advisers and funds

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”).  Overall, the proposal addresses the following rule amendments and additions: 1. Cybersecurity Policies and Procedures Under the … Continue reading

Cybersecurity and the SEC

Data Protection Report - Norton Rose FulbrightThe U.S. Securities and Exchange Commission (“SEC”) may not be the first agency that comes to mind with respect to cybersecurity, but the SEC has been in the headlines recently with respect to cyber fraud in particular. Earlier this month, the SEC promulgated a report urging companies to take preventive measures against cyber fraud.… Continue reading

“But the emails” – companies’ SEC filings reflect ransomware risks

Data Protection Report - Norton Rose FulbrightThe Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

Data Protection Report - Norton Rose FulbrightLast week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading
LexBlog