Debevoise Discusses the New SEC Cybersecurity Guidance

On February 21, 2018, the SEC issued new Guidance regarding cybersecurity disclosure and governance requirements applicable to SEC reporting companies. In our earlier Client Update on this topic, we discussed the disclosure considerations addressed in the Guidance. In this Client Update, we focus on the cyber-related governance issues addressed in the Guidance[1].

Cybersecurity and Risk Governance

The Guidance addresses three governance topics in the context of cybersecurity: (1) the adoption and regular assessment of cyber-related disclosure controls and procedures; (2) the establishment of policies and procedures to address the risk of insider trading based on material nonpublic cybersecurity …

Debevoise Analyzes Revised New York Cybersecurity Regulation for the Financial Sector

New York’s Department of Financial Services (DFS or the Department) has responded to a large volume of comments about its proposed, sweeping cybersecurity regulation for banks, insurers and other financial service providers by softening a number of provisions that many in the industry had criticized as onerous and overly prescriptive. On December 28, 2016, the Department published a revised regulation (the Revised Draft Regulation)[1] that altered its original, “first-in-the-nation” proposal issued on September 13, 2016 (the Original Draft Regulation).

Many had argued that the Original Draft Regulation should be more risk-based, along the lines of the NIST Cybersecurity Framework …