(800) 341-2684

Call Toll Free

Contact us

Online Inquiries 24/7

Laura Anthony Esq

MAKE VALUED ALLIANCES

Cybersecurity Risks

SEC Adopts Final New Rules On Cybersecurity Disclosures

On July 26, 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance.  The proposed rules were published in March 2022 (see HERE).  In response to numerous comments, the final rules made several changes to the proposal, including narrowing the disclosures in both the Form 8-K/6-K and annual reports on Form 10-K and 20-F.

The final rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company.  An Item 1.05 Form 8-K will be due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial

Proposed Rules On Cybersecurity Disclosure

Earlier this year, the SEC published proposed rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies.  Although the comment period has passed, a final rule has not yet been issued.  As of now, cybersecurity disclosures are encompassed within the general anti-fraud provisions including the requirement to disclose “such further material information, if any, as may be necessary to make the required statements, in light of the circumstances under which they are made, not misleading” as well SEC guidance last updated in 2018 (see HERE).

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a company’s policies and procedures to identify and manage cybersecurity risks; the company’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal would further

Russia-Ukraine Disclosures And Supply Chain Issues

Supply chain issues continue to plague just about every industry and the continuing attack by Russia against the Ukraine, gives little hope of a respite in the near future.  The recent easing of congestion at the handful of U.S. ports big enough to accommodate container ships is likely more a result of inflation and a summer slowdown than effective logistical management.  Amid the ongoing difficulties, the SEC has published a sample letter to companies regarding disclosures pertaining to Russia’s invasion of the Ukraine and related supply chain issues.

SEC Sample Comment Letter

The SEC is of the view that companies should provide detailed disclosure, to the extent material or if required by a prescriptive rule, regarding: (i) direct or indirect exposure to Russia, Belarus, or Ukraine through their operations, employee base, investments in Russia, Belarus, or Ukraine, securities traded in Russia, sanctions against Russian or Belarusian individuals or entities, or legal or regulatory uncertainty associated with operating in or exiting

The SEC Is Seeking An 8% Budget Increase

On May 17, 2022, SEC Chair Gary Gensler gave testimony before the Subcommittee on Financial Services and General Government U.S. House Appropriations Committee asking for an 8% budget increase for the SEC and outlining his priorities.  Although Chair Gensler expressed a desire to update rules for modern markets and technologies, his main focus is to “ensure that the SEC is adequately resourced so we can remain the cop on the beat.”  As the cyclical nature of the SEC continues, it seems we are moving back towards the era of “broken windows” shepherded in by former Chair Mary Jo White in 2013 and ended in 2017 by former Chair Jay Clayton.

Reminding us of the reach of our capital markets, Gensler points out that the SEC oversees 24 national securities exchanges, 99 alternative trading systems, nine credit rating agencies, seven active registered clearing agencies, five self-regulatory organizations and other external entities. They look after the accounting and auditing functions of

Intellectual Property And Technology Risks – International Business Operations

In December 2019, the SEC Division of Corporation Finance issued CF Disclosure Guidance: Topic No. 8 providing guidance related to the disclosure of intellectual property and technology risks associated with international business operations.

The global and technologically interconnected nature of today’s business environment exposes companies to a wide array of evolving risks, which they must individually examine to determine proper disclosures using a principles-based approach.  A company is required to conduct a continuing analysis on the materiality of risks in the ever-changing technological landscape to ensure proper reporting of risks.  To assist management in making these determinations, the SEC has issued additional guidance.

The guidance, which is grounded in materiality and a principles-based approach, is meant to supplement prior guidance on technology and cybersecurity matters including the February 2018 SEC statement on public company cybersecurity disclosures (see my blog HERE); Director Hinman’s speech at the 18th Annual Institute on Securities Regulation in Europe in March, 2019; the SEC

Categories

Contact Author

Laura Anthony Esq

Have a Question for Laura Anthony?