The Gap Between Cybersecurity Oversight and Boardroom Expertise

By Michelle R. Lowry, Anthony Vance and Marshall D. Vance August 13, 2025 by renholding

Following a string of high-profile data breaches and other cybersecurity failures, investors and regulators increasingly expect corporate directors to monitor cyber risk. But what does board oversight of cybersecurity look like in practice, and is it effective? In a recent …

Sullivan & Cromwell Discusses SEC Withdrawal of 14 Proposed Rules

By Colin Lloyd, Eric Diamond, Malou (Marie-Louise) Huth, Aaron Levine and Natasha Vasan June 23, 2025 by renholding

On June 12, the SEC withdrew 14 proposed rules stating that it did not intend to issue final rules with respect to the proposals and that if the SEC decides to pursue future regulatory action in any of these areas, …

Cleary Gottlieb Discusses Effective Board Oversight as AI Evolves

By Angela L. Dunning, Daniel Ilan, David Lopez, Marcela Robledo and Synne D. Chapman February 5, 2025 by renholding

Deployment of generative AI expanded rapidly across many industries in 2024, leading to broadly increased productivity, return on investment and other benefits. At the same time, AI was also a focus for lawmakers, regulators and courts. There are currently 27 …

Morrison & Foerster Discusses Final Biden Cybersecurity Order

By Tina Reynolds and Markus Gerhard Speidel January 28, 2025 by eorozco

Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration released a new, sweeping Executive Order (“E.O.”) on cybersecurity, signing the …

SEC Announces Enforcement Results for Fiscal Year 2024

By Securities and Exchange Commission November 25, 2024 by renholding

The Securities and Exchange Commission announced on November 22 that it filed 583 total enforcement actions in fiscal year 2024 while obtaining orders for $8.2 billion in financial remedies, the highest amount in SEC history.

The 583 enforcement actions represent

…

Debevoise & Plimpton Discusses Key Considerations for the 2024 Annual Reporting Season

By Eric T. Juergens, Benjamin R. Pedersen, Paul M. Rodel, Alice Gu and Amy Pereira November 22, 2024 by ngodridge

As November comes to an end, the busy annual reporting and proxy season begins for many public companies. In this Client Update, we highlight key considerations for public companies when preparing their annual reports on Form 10-K or Form 20-F, …

Wachtell Lipton Offers Summer Takeaways in SEC Enforcement

By John F. Savarese, Wayne M. Carlin and David B. Anders September 5, 2024 by renholding

With the Labor Day holiday now behind us, it is a good time to review the SEC’s active enforcement docket and to look ahead to likely areas of continuing enforcement attention as we head into the fall. The record over …

Skadden Discusses New UK Government’s AI and Cybersecurity Reforms

By Nicola Kerr-Shaw and Aleksander J. Aleksiev August 9, 2024 by renholding

Last month the new Labour government in the UK announced in the King’s Speech that it will introduce new artificial intelligence (AI) rules alongside cybersecurity and digital information bills. A brief overview of these developments is set out below.

Artificial

…

SEC Corporation Finance Director Speaks on the State of Disclosure Review

By Erik Gerding June 25, 2024 by renholding

Good afternoon.[1] I appreciate the opportunity to speak with you again today as part of the Corp Fin Workshop. I wanted to make a few remarks about the important work being done in the Division’s Disclosure Review Program and

…

SEC Corporation Finance Chief Addresses Disclosure of Cybersecurity Incidents

By Erik Gerding May 24, 2024 by renholding

The cybersecurity rules that the Commission adopted on July 26, 2023[*] require public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K.[1] If a company chooses to disclose a cybersecurity incident for which it has …

Skadden Discusses a Board’s Role in Oversight of Cybersecurity Risks

By Anita B. Bandy, Brian V. Breheny, Raquel Fox, William Ridgway and David A. Simon February 28, 2024 by renholding

Key Points

New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase the risk of litigation over misstatements relating to cybersecurity.
The

…

Cleary Gottlieb Discusses AI’s Risks for Boards and Managers

By David Lopez, Adam Fleisher, Daniel Ilan, Benet O’Reilly and Synne Chapman February 20, 2024 by renholding

Artificial intelligence (AI)[1] was the biggest technology news of 2023. AI continues to revolutionize business in big and small ways, ranging from disrupting entire business models to making basic support functions more efficient. Observers have rightly focused on the …

Wachtell Lipton Discusses Key Issues in Corporate Governance for 2024

By Martin Lipton, Steven A. Rosenblum, Karessa L. Cain and Carmen X.W. Lu January 10, 2024 by renholding

Over the past year, expectations for directors have continued to evolve, bringing new challenges and responsibilities to the boardroom. The remarkable speed, volume and proliferation of channels through which information travels today continue to place more scrutiny on boards and

…

Morrison & Foerster Discusses Impact of New York Amendments to Cybersecurity Regulation

By Miriam Wugmeister, Carrie Cohen, Kristen Mathews and Nathan Reilly December 15, 2023 by renholding

The New York Department of Financial Services (NYDFS) has finalized amendments (“Amended Regulation”) to its cybersecurity rule (“Cybersecurity Rule”) that applies to financial institutions licensed by the NYDFS. This comes after a series of proposed amendments (see our client …

Debevoise Discusses SEC’s Division of Enforcement Year-End Results

By Kara Brockmeyer, Andrew Ceresney, Robert Kaplan, Julie Riewe and Mary Jo White November 30, 2023 by renholding

On November 14, 2023, the U.S. Securities and Exchange Commission’s (“SEC” or “Commission”) Division of Enforcement (“Division”) announced its enforcement results for fiscal year (“FY”) 2023.[1] Disgorgement and penalties were the second highest in the SEC’s history at just …

SEC Announces Enforcement Results for Fiscal Year 2023

By Securities and Exchange Commission November 15, 2023 by renholding

The Securities and Exchange Commission announced that it filed 784 total enforcement actions in fiscal year 2023, a 3 percent increase over fiscal year 2022, including 501 original, or “stand-alone,” enforcement actions, an 8 percent increase over the prior fiscal …

Skadden Discusses What SEC’s Solar Winds Complaint Means for Boards, Information Security Officers

By Anita Bandy, William Ridgway, David Simon, Joshua Silverstein and Shirley Diaz November 13, 2023 by renholding

On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when SolarWinds went public, to January 2021, SolarWinds …

SEC Chair Supports Rules on Public Company Cybersecurity Disclosures

By Gary Gensler July 27, 2023 by renholding

Today [July 26], the Commission is considering adopting final rules regarding cybersecurity disclosures by public companies. I am pleased to support these rules because they will enhance and standardize disclosures to investors with regard to public companies’ cybersecurity practices as

…

SEC Commissioner Peirce Dissents from Rules on Cybersecurity Disclosure

By Hester M. Peirce July 27, 2023 by renholding

Thank you, Chair Gensler. Although better than the proposal, this final cybersecurity disclosure rule continues to ignore both the limits to the SEC’s disclosure authority and the best interests of investors. Moreover, the Commission has failed to explain why we

…

SEC Commissioner Speaks on Cybersecurity and Protecting Investors

By Jaime Lizárraga May 19, 2023 by renholding

Good morning. Thank you, Bob [Zukis]. It is a pleasure to be here today, and I thank the Digital Directors Network for hosting this discussion about cybersecurity. This topic is so essential for the safety and resiliency of our capital

…

1 2 3 … 5 Next »

The CLS Blue Sky Blog

Columbia Law School's Blog on Corporations and the Capital Markets

cybersecurity