In an article for Cybersecurity Law Report, litigation & enforcement partner Amy Jane Longo commented on the SEC’s new cybersecurity risk management rules for public companies.
“It’s worth noting that the SEC Enforcement Division prioritized cybersecurity in 2023 and will likely continue to do so in the coming months and years, particularly given the additional disclosure requirements imposed by the new rules,” Amy said.
She noted the Form 8-K disclosure will be one of the biggest challenges posed by the Rule. “Complicated data breaches can have significant dwell time and it is often difficult to determine at what point a company faces a material cybersecurity issue as opposed to a smaller exploitation.” The new disclosure requirement may “inadvertently compel companies to over-disclose, or to include inaccurate information about a data breach, all in an effort to avoid potential SEC enforcement consequences.”
“Companies should establish a relationship with the ‘cybersquad’ at their local FBI field office as soon as possible, and implement proactive steps “to best situate themselves for compliance with the Rules,” said Amy.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.