On May 21, 2024, U.S. Securities and Exchange Commission Director of the Division of Corporation Finance Erik Gerding issued a statement clarifying when the SEC expects companies to disclose a cyber incident. This clarification helps guide public companies who wish to disclose a cyber incident but who have not yet determined if the incident is

Since the Securities and Exchange Commission’s Cybersecurity Incident Disclosure Rule (SEC Rule) took effect Dec. 18, 2023, about a dozen companies have filed a Form 8-K reporting a material cybersecurity incident. This GT Alert discusses the trends on how companies have made these disclosures thus far. In short, the companies who have filed an 8-K

Jena M. Valdetero, Co-Chair of the firm’s Data Privacy and Cybersecurity Practice, and Steven M. Malina, a member of GT’s Litigation Practice, were quoted in a Dark Reading article titled “Orgs Face Major SEC Penalties for Failing to Disclose Breaches.”

Click here to read the full article, published by Dark Reading

As detailed in our July 2023 GT Alert, the Securities and Exchange Commission (SEC) now requires public companies to file a Form 8-K and disclose a material cybersecurity incident within four days of determining the incident’s materiality. Form 8-K Item 1.05(c) includes an exception to the four-day requirement: where disclosure poses a substantial risk

Greenberg Traurig Shareholders Jena M. Valdetero, Co-Chair of the U.S. Data Privacy & Cybersecurity Practice, and Steven M. Malina will present the Thomson Reuters West LegalEdcenter and Celesq webinar, “Keeping up with the SEC: Unpacking the New Public Company Cybersecurity Rule and Enforcement,” on Friday, Dec. 1 at 12:00 p.m. EST.

This

In a Halloween-eve move sure to send shivers down the spines of every public company’s CISO, on Oct. 30, the SEC filed a securities fraud complaint targeting SolarWinds’ CISO in the wake of their major December 2020 data security incident. The SEC alleges SolarWinds and its CISO committed securities fraud in connection with multiple public

On July 26, 2023, the SEC proposed new rules applicable to registered investment advisers and broker-dealers intended to prevent and neutralize the effects of certain conflicts of interest relating to the use of predictive data analytics (PDA), natural language processing (NLP), artificial intelligence (AI) and other “covered technologies” in interactions with clients. Click here to

Continuing its focus on cybersecurity, on March 9, 2022, in a party-line vote, the SEC proposed rules and amendments governing cybersecurity reporting requirements for public companies subject to the Securities Exchange Act of 1934.

Click here to read the full GT Alert.

On Feb. 9, 2022, the SEC released its long-awaited proposed cybersecurity rule, and there’s a lot to unpack. As GT reported previously, the SEC increased enforcement of cybersecurity compliance in 2021. As recently as Jan. 24, 2022, Chair Gary Gensler made cybersecurity the focus of his speech at Northwestern Law School’s Securities Regulation