Cybersecurity

Subscribe to Cybersecurity

Public companies should note a recent settlement with the US Securities and Exchange Commission (“SEC”). On March 9, 2023, the SEC announced that Blackbaud Inc. agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures. This serves as a reminder for public

On January 10, 2023, the Financial Industry Regulatory Authority, Inc. (“FINRA”) published the 2023 Report on its Examination and Risk Monitoring Program (the “Report”). FINRA highlights several topics as key areas of risk for investors and the markets, including mobile apps, complex products and options, order handling/best execution, Regulation Best Interest and Form CRS, and

In this MB Microtalk video, Mayer Brown Partner, Christina Thomas, discusses the US Securities and Exchange Commission’s proposed rules on cybersecurity risks and incident disclosures, which, if adopted, will require companies to report information relating to cybersecurity incidents and cybersecurity risk management strategy.

Visit our MB Microtalk page for more topics and talks.

The Staff of the US Securities and Exchange Commission’s Division of Corporation Finance released a sample comment letter that provides guidance regarding the types of disclosures that reporting companies should consider in connection with the direct or indirect that Russia’s invasion of Ukraine and the international response it may have on their businesses. Among other

On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,

On March 9, 2022, the US Securities and Exchange Commission (“SEC”) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals

January 11, 2022 | PLI Webinar
3:00pm – 4:00pm EST
Register here.

Mayer Brown partners, Brian Hirshberg and Christina Thomas, will discuss US Securities Exchange Commission (“SEC”) disclosures, issues and recent developments for foreign private issuers (“FPIs”) during this Practising Law Institute briefing. Key topics to be addressed, among others, include:

  • Areas of focus

This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (SEC). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions,

In various prepared remarks in recent weeks, Securities and Exchange Commission (SEC) Chair Gensler has commented on a number of potential proposals for additional disclosure requirements.

In remarks made to the European Parliament Committee on Economic and Monetary Affairs, Chair Gensler addressed a number of topics, including gamification and crypto assets.  Commenting on issuer

This practice note identifies cybersecurity risk disclosures that offer detailed discussions on the potential reputational, financial, or operational harm resulting from cybersecurity breaches as well as the potential litigation or regulatory costs, policies, and procedures in addressing cybersecurity risks. This piece concludes with practical advice on how to prepare and enhance the required disclosures on