Public companies should note a recent settlement with the US Securities and Exchange Commission (“SEC”). On March 9, 2023, the SEC announced that Blackbaud Inc. agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures. This serves as a reminder for public companies to review and test carefully internal policies and procedures that apply following cybersecurity incidents. And, importantly, there are additional SEC proposed rules on the horizon that would, among other things, be more prescriptive regarding written policies and notification requirements.

Read the complete Legal Update.