In the New York Law Journal, Cybersecurity Attorneys Analyze the SEC’s Role in Corporate Governance
In a New York Law Journal article, data, privacy & cybersecurity partner Ed McNicholas and associate Briana Fasone, examined how the SEC’s punitive approach to cybersecurity risk in its proposed regulations may be harmful to advancing cybersecurity at public companies and regulated entities.
“The SEC certainly has a role to play in cybersecurity, and the agency should be lauded for its focus on corporate governance,” said the authors. Nevertheless, “instead of taking a punitive approach to regulating entities victimized by a cyberattack, the SEC should instead strive to cooperate with firms managing such crises, providing, for example, safe harbors for entities that comply with approved security standards. This would effectively enhance cybersecurity, encourage the implementation of sound cyber hygiene rules, and cut down on frivolous enforcement actions so the SEC can focus on matters involving real misconduct.”