It is no secret among public companies and their counsel that the US Securities and Exchange Commission has steadily adopted a more aggressive stance on cybersecurity controls and disclosure and incident response recordkeeping. SEC Senior Counsel Arsen Ablaev recently highlighted the Commission’s cybersecurity priorities at the annual Incident Response Forum Masterclass. SEC Chair Gary Gensler also emphasized risks in cyber and information security in the March 29 budget hearing with the House Appropriations Committee, and endorsed U.S. President Joe Biden’s request to earmark a record $2.4 billion in funding for the regulator in 2024. Last month saw yet another example of the SEC’s mounting focus on cyber disclosures as an enforcement priority with the announcement that cloud computing company Blackbaud agreed to pay a $3-million civil penalty to settle administrative charges for alleged “materially misleading disclosures” about a 2020 ransomware attack.
As we foreshadowed in our 2023 U.S. Cybersecurity and Data Privacy Outlook and Review, the increase in SEC enforcement resources (e.g., doubling the size of its Crypto Assets and Cyber Unit Ablaev sits in), in combination with the promulgation of cybersecurity risk management, strategy, governance, and incident disclosure rules Ablaev confirmed will be finalized in coming months, signal that cybersecurity will continue to be an area of heightened enforcement activity for the SEC. In light of these developments, it is critical companies take stock of their cyber hygiene policies and incident response protocols, and not only manage cybersecurity risks and prevent attacks, but also respond to them with proper disclosures.
Ablaev at Incident Response Forum: SEC’s Priorities and Blackbaud as a Masterclass In What Not To Do
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
