Public companies should note a recent settlement with the US Securities and Exchange Commission (“SEC”). On March 9, 2023, the SEC announced that Blackbaud Inc. agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures. This serves as a reminder for public
Cybersecurity
FINRA Publishes 2023 Report on Its Examination and Risk Monitoring Program
On January 10, 2023, the Financial Industry Regulatory Authority, Inc. (“FINRA”) published the 2023 Report on its Examination and Risk Monitoring Program (the “Report”). FINRA highlights several topics as key areas of risk for investors and the markets, including mobile apps, complex products and options, order handling/best execution, Regulation Best Interest and Form CRS, and…
MB Microtalk: SEC’s Proposed Rules on Cybersecurity Risks and Incident Disclosures

In this MB Microtalk video, Mayer Brown Partner, Christina Thomas, discusses the US Securities and Exchange Commission’s proposed rules on cybersecurity risks and incident disclosures, which, if adopted, will require companies to report information relating to cybersecurity incidents and cybersecurity risk management strategy.
Visit our MB Microtalk page for more topics and talks.
Sample Letter to Companies Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues
The Staff of the US Securities and Exchange Commission’s Division of Corporation Finance released a sample comment letter that provides guidance regarding the types of disclosures that reporting companies should consider in connection with the direct or indirect that Russia’s invasion of Ukraine and the international response it may have on their businesses. Among other…
SEC Proposes New Rules on Public Company Cybersecurity Disclosures
On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,…
SEC Proposes Amendments That Would Place New Cybersecurity Reporting and Disclosure Requirements on Public Companies
On March 9, 2022, the US Securities and Exchange Commission (“SEC”) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals…
SEC Disclosures Issues and Developments for Foreign Private Issuers
January 11, 2022 | PLI Webinar
3:00pm – 4:00pm EST
Register here.
Mayer Brown partners, Brian Hirshberg and Christina Thomas, will discuss US Securities Exchange Commission (“SEC”) disclosures, issues and recent developments for foreign private issuers (“FPIs”) during this Practising Law Institute briefing. Key topics to be addressed, among others, include:
- Areas of focus
…
US Securities and Exchange Commission Increases Focus on Cybersecurity
This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (SEC). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions,…
Disclosure Requirements: What’s Ahead?
In various prepared remarks in recent weeks, Securities and Exchange Commission (SEC) Chair Gensler has commented on a number of potential proposals for additional disclosure requirements.
In remarks made to the European Parliament Committee on Economic and Monetary Affairs, Chair Gensler addressed a number of topics, including gamification and crypto assets. Commenting on issuer…
Market Trends 2020/21: Cybersecurity-Related Disclosures
This practice note identifies cybersecurity risk disclosures that offer detailed discussions on the potential reputational, financial, or operational harm resulting from cybersecurity breaches as well as the potential litigation or regulatory costs, policies, and procedures in addressing cybersecurity risks. This piece concludes with practical advice on how to prepare and enhance the required disclosures on…