AI-Enabled Cyber Intrusions: What Two Incidents Reveal for Corporate Counsel

By Daniel Ilan, Rahul Mukhi, Brian Lichter, Prudence Buckland and Melissa Faragasso January 12, 2026 by renholding

Recent disclosures by Anthropic and OpenAI highlight a pivotal shift in the cyber threat landscape: AI is no longer merely a tool that aids attackers, in some cases, it has become the attacker itself. Together, these incidents illustrate immediate implications …

Ropes & Gray Discusses SEC Settlements With Four Issuers in Cybersecurity-Disclosure Cases

By Amy Jane Longo, R. Daniel O'Connor, Edward R. McNicholas, Fran Faircloth and Jake Barr November 11, 2024 by eorozco

On October 22, 2024, the Securities and Exchange Commission (“SEC”) filed settled enforcement orders involving four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Ltd, and Mimecast Limited. The settlements concern the issuers’ disclosures …

Davis Polk Discusses Cyber Disclosure Case Against SolarWinds and Its CISO

By Robert A. Cohen, Fuad Rana, Michael Kaplan, John B. Meade and Paul J. Nathanson July 29, 2024 by renholding

A court rendered a mixed result in the SEC’s SolarWinds litigation. The court declined to dismiss the SEC’s claims that a website “Security Statement” overstated the strength of SolarWinds’ cybersecurity measures. However, the court dismissed claims based on SolarWinds’ SEC …

Cleary Gottlieb Discusses Proposed Regulation on Cyber Incident Reporting

By Jonathan S. Kolodner, Rahul Mukhi and Michael Kowiak April 30, 2024 by renholding

On April 4, 2024, the Federal Register published the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) notice of proposed rulemaking, including the text of the proposed regulation that would implement the key provisions of the Cyber …

SEC Announces Enforcement Results for FY 2022

By Securities and Exchange Commission November 16, 2022 by renholding

The Securities and Exchange Commission today [November 15] announced that it filed 760 total enforcement actions in fiscal year 2022, a 9 percent increase over the prior year. These included 462 new, or “stand alone,” enforcement actions, a 6.5 percent …

Debevoise & Plimpton on the Latest Round of SEC Cybersecurity Enforcement Actions

By Avi Gesser, James Pastore and Mengyi Xu September 7, 2021 by renholding

On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a) of Regulation S-P (the “Safeguards Rule” or “Rule”). One group …

Paul Hastings Discusses Proposed Cyber Incident Reporting Rule for Banks

By Behnam Dayanim, Jackie Cooney and Daniel Julian January 25, 2021 by Nisha Chandra

Federal financial regulatory agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Regulators”), issued on December 18, 2020, a Notice …

Price Revelation from Insider Trading: Evidence from Hacked Earnings News

By Pat Akey, Vincent Gregoire and Charles Martineau July 10, 2019 by renholding

Cyber risk is a major concern to corporations and investors. Recent academic studies point out that firms suffer large negative returns when they disclose that they have suffered a data breach (e.g., Akey, Lewellen and Liskovich (2018) and Kamiya et …

SEC Chair Discusses EDGAR-Hacking Enforcement Action

By Jay Clayton January 16, 2019 by renholding

In August 2017, shortly after my arrival at the Commission, I was informed that an intrusion into the SEC’s Electronic Data Gathering, Analysis, and Retrieval (“EDGAR”) system took place in 2016. We immediately initiated a series of review and response

…

Cleary Gottlieb Discusses the SEC’s New Cyber Unit, Six Months On

By Jonathan S. Kolodner, Rahul Mukhi, Matthew C. Solomon and Anne Titus Hilby April 3, 2018 by renholding

On September 25, 2017, the U.S. Securities and Exchange Commission (“SEC” or the “Commission”) announced the creation of a Cyber Unit within the Enforcement Division in order to further the Division’s “substantial expertise in the detection and pursuit of fraudulent …

PwC Discusses New York’s Proposed Cybersecurity Rules

By Dan Ryan, Sean Joyce, Joseph Nocera, Jeff Lavine and Didier Lavion September 26, 2016 by renholding

On September 13, 2016, the New York State Department of Financial Services (DFS) proposed a broad set of cybersecurity regulations for banks, insurers, and other financial institutions.[1] The proposal is largely consistent with existing guidance (e.g., under the NIST …

PwC discusses Preventing the Next $100 Million Bank Robbery

By Dan Ryan, Joseph Nocera, Didier Lavion, Sean Joyce, Jeff Lavine and Armen Meyer July 15, 2016 by ilyabeylin

Attackers last February reportedly stole $81 million from the Bangladesh Central Bank by obtaining and exploiting the bank’s credentials for the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.[1] The attack – one of the biggest bank robberies in …

The CLS Blue Sky Blog

Columbia Law School's Blog on Corporations and the Capital Markets

cyber security