On October 22, 2024, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) issued a series of orders imposing almost $7 million in disclosure fines against four global digital service providers impacted by the 2020 SolarWinds compromise. The SEC accused
SEC
SEC statement clarifies material cybersecurity incident disclosure requirement
SEC final rule on reporting material cybersecurity incidents
In July 2023, the US Securities and Exchange Commission (SEC) finalized its rule requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Though materiality is not a…
ICYMI –December in privacy and cybersecurity


December tends to be a busy time for everyone, so you may have missed a privacy update or two. We have set out some updates in the form of questions, with links in the answers where you can find more…
US SEC issues final rule on cybersecurity disclosures

On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the…
Proposed cybersecurity rules for SEC registered advisers and funds


On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) released a proposal aimed at enhancing cybersecurity risk management programs, including cybersecurity preparedness and response, for registered investment advisers (“advisers”), investment companies and business development companies (“funds”). Overall, the…
US SEC announces three actions charging firms for cybersecurity deficiencies
The SEC announced enforcement actions against three sets of advisers for alleged failures in cybersecurity policies that violate the Safeguards Rule.…
Cybersecurity and the SEC


The U.S. Securities and Exchange Commission (“SEC”) may not be the first agency that comes to mind with respect to cybersecurity, but the SEC has been in the headlines recently with respect to cyber fraud in particular. Earlier this month, the SEC promulgated a report urging companies to take preventive measures against cyber fraud.
“But the emails” – companies’ SEC filings reflect ransomware risks

The Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer…
SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative
Last week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks.
The…