Home      Login

Abstract: 

The environment for cybersecurity regulation and enforcement has never been as intense. The SEC is ramping up its oversight of public company cybersecurity, including through a recent enforcement action against a Chief Information Security Officer, and by issuing a sweeping set of new Final Rules governing disclosure of material cybersecurity incidents. Compliance dates under the Final Rules are here, and companies may be grappling with major questions, including: What is a “cybersecurity incident”? What is “material”? To what extent will the SEC be seeking to hold individuals liable for cyber violations and not solely their employers? How should companies and their personnel implement the requirements of the Final Rules and prepare for related risks? This article provides guidance on each of these questions and outlines steps companies can take from a compliance perspective to prepare for and address cybersecurity incidents.

Keywords: Forms 8-K, 6-K; “Cybersecurity Incident” and “Cybersecurity Threat”; Materiality and Cybersecurity Disclosure

Affiliations:  1: Pillsbury Winthrop Shaw Pittman LLP (DC); 2: Pillsbury (NY); 3: Pillsbury (NY).