cybersecurity

Skadden Discusses a Board’s Role in Oversight of Cybersecurity Risks

By Anita B. Bandy, Brian V. Breheny, Raquel Fox, William Ridgway and David A. Simon February 28, 2024 by renholding

Key Points

• New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase the risk of litigation over misstatements relating to cybersecurity.
• The

…

Cleary Gottlieb Discusses AI’s Risks for Boards and Managers

By David Lopez, Adam Fleisher, Daniel Ilan, Benet O’Reilly and Synne Chapman February 20, 2024 by renholding

Artificial intelligence (AI)[1] was the biggest technology news of 2023. AI continues to revolutionize business in big and small ways, ranging from disrupting entire business models to making basic support functions more efficient. Observers have rightly focused on the …

Wachtell Lipton Discusses Key Issues in Corporate Governance for 2024

By Martin Lipton, Steven A. Rosenblum, Karessa L. Cain and Carmen X.W. Lu January 10, 2024 by renholding

Over the past year, expectations for directors have continued to evolve, bringing new challenges and responsibilities to the boardroom. The remarkable speed, volume and proliferation of channels through which information travels today continue to place more scrutiny on boards and

…

Morrison & Foerster Discusses Impact of New York Amendments to Cybersecurity Regulation

By Miriam Wugmeister, Carrie Cohen, Kristen Mathews and Nathan Reilly December 15, 2023 by renholding

The New York Department of Financial Services (NYDFS) has finalized amendments (“Amended Regulation”) to its cybersecurity rule (“Cybersecurity Rule”) that applies to financial institutions licensed by the NYDFS. This comes after a series of proposed amendments (see our client …

Debevoise Discusses SEC’s Division of Enforcement Year-End Results

By Kara Brockmeyer, Andrew Ceresney, Robert Kaplan, Julie Riewe and Mary Jo White November 30, 2023 by renholding

On November 14, 2023, the U.S. Securities and Exchange Commission’s (“SEC” or “Commission”) Division of Enforcement (“Division”) announced its enforcement results for fiscal year (“FY”) 2023.[1] Disgorgement and penalties were the second highest in the SEC’s history at just …

SEC Announces Enforcement Results for Fiscal Year 2023

By Securities and Exchange Commission November 15, 2023 by renholding

The Securities and Exchange Commission announced that it filed 784 total enforcement actions in fiscal year 2023, a 3 percent increase over fiscal year 2022, including 501 original, or “stand-alone,” enforcement actions, an 8 percent increase over the prior fiscal …

Skadden Discusses What SEC’s Solar Winds Complaint Means for Boards, Information Security Officers

By Anita Bandy, William Ridgway, David Simon, Joshua Silverstein and Shirley Diaz November 13, 2023 by renholding

On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when SolarWinds went public, to January 2021, SolarWinds …

SEC Chair Supports Rules on Public Company Cybersecurity Disclosures

By Gary Gensler July 27, 2023 by renholding

Today [July 26], the Commission is considering adopting final rules regarding cybersecurity disclosures by public companies. I am pleased to support these rules because they will enhance and standardize disclosures to investors with regard to public companies’ cybersecurity practices as

…

SEC Commissioner Peirce Dissents from Rules on Cybersecurity Disclosure

By Hester M. Peirce July 27, 2023 by renholding

Thank you, Chair Gensler. Although better than the proposal, this final cybersecurity disclosure rule continues to ignore both the limits to the SEC’s disclosure authority and the best interests of investors. Moreover, the Commission has failed to explain why we

…

SEC Commissioner Speaks on Cybersecurity and Protecting Investors

By Jaime Lizárraga May 19, 2023 by renholding

Good morning. Thank you, Bob [Zukis]. It is a pleasure to be here today, and I thank the Digital Directors Network for hosting this discussion about cybersecurity. This topic is so essential for the safety and resiliency of our capital

…

Debevoise Discusses White House’s National Cybersecurity Strategy

By Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore and Michael R. Roberts March 30, 2023 by renholding

On March 2, 2023, the White House Office of the National Cyber Director (“ONCD”) released the Biden Administration’s (the “Administration”) long-awaited National Cybersecurity Strategy (the “Strategy”), the first since the Trump Administration’s strategy was issued in September 2018. The Strategy …

Davis Polk Discusses New SEC Cybersecurity Requirements for Regulated Market Participants

By Robert A. Cohen, Greg D. Andres, James W. Haldin, Gabriel D. Rosenberg and Zachary J. Zweihorn March 29, 2023 by renholding

The SEC proposed an array of new cybersecurity-related requirements in the form of: (1) an expansive new Rule 10, (2) extending the reach of Regulation SCI, and (3) expanding Regulation S-P, including to require incident response programs. The SEC also …

Covington Discusses SEC’s Focus on Cybersecurity Incident Disclosure

By David Engvall, Ashden Fein, Gerald Hodgkins, Ian Macdonald and Micaela McMurrough March 27, 2023 by renholding

On March 9, 2023, the Securities and Exchange Commission (the “SEC”) Enforcement Division’s Crypto Assets and Cyber Unit announced a settlement with Blackbaud, Inc. involving allegations of inadequate disclosure controls and procedures and material misstatements and omissions concerning a 2020 …

SEC Chair Gensler on Recent Bank Failures, Enhanced Cybersecurity for Market Entities

By Gary Gensler March 16, 2023 by renholding

Good morning. This is an open meeting of the U.S. Securities and Exchange Commission on March 15th, 2023. I want to welcome members of the public who are listening in.

Before we get to today’s agenda, I want to address

…

Cleary Gottlieb Discusses the SEC’s Disclosure Agenda and Corporate Governance

By Helena K. Grannis and Synne D. Chapman January 27, 2023 by renholding

In 2022, public companies witnessed a new kind of corporate governance activism. New rules and regulations from the Securities and Exchange Commission (the SEC) use the lever of mandated disclosure to push for corporate governance actions, and in some cases …

Wachtell Lipton Discusses Key Issues for Boards in Corporate Governance for 2023

By Martin Lipton, Steven A. Rosenblum, Karessa L. Cain and Hannah Clark December 6, 2022 by renholding

While the world recovers from the worst of the pandemic, the economic, political and social repercussions will continue to play out in ways that, while unpredictable, are in some respects characterized by observable patterns of cause-and-effect and cyclicality.  The pendulum …

Debevoise & Plimpton Discusses How to Protect AI Models and Data

By Avi Gesser, Anna Gressel, Tristian Lockwood, Noah Schwartz and Joel Yonts September 30, 2022 by renholding

One of the most difficult challenges for cybersecurity professionals is the increasing complexity of corporate systems. Mergers, vendor integrations, new software tools and remote work all expand the footprint of companies’ information systems, creating a larger attack surface for hackers. …

Skadden Discusses Executive Order on CFIUS Authority to Identify National Security Risks

By Brian J. Egan, Michael E. Leiter and Ondrej Chvosta September 19, 2022 by renholding

On September 15, 2022, President Joe Biden issued an executive order (EO) “on ensuring robust consideration of evolving national security risks” by the Committee on Foreign Investment in the United States (CFIUS or the Committee). The EO does not change …

The War on Business

By Tom C.W. Lin September 8, 2022 by renholding

Nations and businesses often compete and clash. But the war on business has escalated in  recent years as nation-states and non-state actors target specific businesses with sanctions and recriminations and new intensity and methods. The many legal, economic, and social …

Why Cybersecurity Is a Growing Concern in M&A

By Gabriele Lattanzio and Jérôme Taillard August 18, 2022 by renholding

The Fortune 500 CEO survey in 2021 found that two-thirds of interviewed CEOs consider cybersecurity risk their greatest concern, far greater than the risks presented by political instability or climate change.[1] They are right to be concerned, particularly in …