Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met

On Oct. 22, 2024, the SEC announced settled administrative actions against four current or formerly public technology companies, finding that the companies all made materially misleading disclosures to investors in their periodic filings concerning the impact of the 2020 SolarWinds breach on their businesses. 

Continue reading the full GT Alert.

Greenberg Traurig Shareholder, Jena M. Valdetero, U.S. Co-chair of the Data Privacy & Cybersecurity Group, will present the Strafford webinar, “SEC Cybersecurity Enforcement Authority After SolarWinds Ruling: Mitigating Exposure to Securities Fraud Liability,” on Oct. 9. This webinar will discuss the important cybersecurity points. Including the Southern District of New York’s ruling

Global law firm Greenberg Traurig, LLP continues the expansion of its White Collar Defense & Investigations Practice with the addition of Tracy S. Combs in the San Francisco office. During Combs’ eight-year tenure at the Securities & Exchange Commission (SEC), she served in a variety of roles in Salt Lake City and San Francisco

A U.S. district court dismissed all the SEC’s securities fraud and false filings claims against SolarWinds and its Chief Information Security Officer (CISO) Timothy Brown regarding the adequacy of cyberattack disclosures, finding that the SEC had impermissibly relied on “hindsight and speculation” to find those disclosures fraudulent. The court also dismissed the SEC’s claims that

On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other

On May 21, 2024, U.S. Securities and Exchange Commission Director of the Division of Corporation Finance Erik Gerding issued a statement clarifying when the SEC expects companies to disclose a cyber incident. This clarification helps guide public companies who wish to disclose a cyber incident but who have not yet determined if the incident is

Jena M. Valdetero, Co-Chair of the firm’s Data Privacy and Cybersecurity Practice, and Steven M. Malina, a member of GT’s Litigation Practice, were quoted in a Dark Reading article titled “Orgs Face Major SEC Penalties for Failing to Disclose Breaches.”

Click here to read the full article, published by Dark Reading

  1. Cybersecurity Rules by the SEC and the EU – Both the Security and Exchange Commission’s public company cybersecurity disclosure and breach notification rules as well as the implementation of the EU NIS 2 Directive will drive increased focus from management and the board on cybersecurity risks, preventive measures, and incident response. Expect to see another