SEC Adopts Cybersecurity Regulations – On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules requiring disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management, strategy, and governance in annual reports for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.
• Public companies will be required to disclose “any cybersecurity incident they determine to be material” under new Item 1.05 of Form 8-K.
• Public companies will need to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats and disclose whether any previous cybersecurity incidents have materially affected (or are likely to materially affect) the company under new Item 106 of Regulation S-K.
• These new regulations also impact how corporate boards are informed of cyber risks and incidents, and how they integrate cyber risk and incident response into an overall risk management framework for the corporation.
• You may be the one talking to the Board (or at the very least, talking to the person who will be talking to the Board).
• All of this is colored by the indictment of SolarWinds’ CISO for fraud and internal control failures related to that company’s cybersecurity practices that preceded the 2020 cyberattack on SolarWinds.
Colin Zick, Partner, Foley Hoag LLP
Colin J. Zick is a partner with the law firm Foley Hoag LLP, where he serves as Co-Chair of its Privacy and Data Security practice group. He counsels clients ranging from the Fortune 1000 to start-ups on issues involving information privacy and security, including compliance with state, federal and international data privacy and security laws and government enforcement actions.
Chris Hart, Partner, Foley Hoag LLP
Chris Hart is an experienced civil litigator and human rights lawyer with a focus on cybersecurity and global data protection. As co-chair of Foley Hoag’s Privacy and Data Security practice, Chris counsels clients on data privacy and cybersecurity compliance, incident response, government investigations, and litigation stemming from an organization’s data management and governance practices.
Who Can Attend:
Open to anyone
Enterprise cybersecurity professionals