On March 31, 2025, members of the U.S. House of Representatives Committee on Financial Services sent a letter to Mark Uyeda, Acting Chairman of the U.S. Securities and Exchange Commission. Seeking to “undo the damage from former Chairman Gary Gensler’s tenure,” the letter requests that the SEC withdraw fourteen final and proposed rules, including both the SEC’s Pay Versus Performance rules (adopted August 2022) and rules related to Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure (adopted July 2023). The SEC may withdraw adopted rules pursuant to the Administrative Procedure Act, which generally involves a public notice and comment period. It will be interesting to see the response of incoming SEC Chairman Paul Atkins. Stay tuned.
On October 22, 2024, the Securities and Exchange Commission charged four companies with making materially misleading disclosures about their cybersecurity risks. Each of the companies—Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited—agreed to pay hefty monetary penalties to settle the SEC’s charges.
The fines follow a lengthy investigation by the SEC into public companies affected by the 2020 SolarWinds breach, one of the most widespread cyberattacks to date. The attack, largely believed to have been carried out by ...
On March 9, 2022, the Securities and Exchange Commission (“SEC”) proposed amendments to rules to expand and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules respond to investor concerns related to the growing prevalence of cybersecurity incidents, the increasingly sophisticated methods of cyber criminals in executing their attacks, and the susceptibility of public companies of all sizes operating in all industries to cybersecurity incidents that can stem from ...
On August 16, 2021, the Securities and Exchange Commission imposed a cease-and-desist order and a $1 million civil penalty on Pearson plc, finding violations of the negligence-based antifraud provisions of the Securities Act.
On February 20, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. This guidance indicates that the SEC is expecting more robust cybersecurity-related disclosures in the filings of public companies and encourages companies to implement comprehensive cybersecurity policies and procedures.
This post is a follow-up to January’s cybersecurity post discussing the cybersecurity considerations in performing due diligence in M&A transactions. The previous discussion can be found here. This post addresses two contractual provisions, the closing conditions and indemnification, which, if properly utilized, can protect acquiring companies from taking on too much cybersecurity risk in M&A transactions.
In today’s M&A transactions, cybersecurity deficiencies in a target company pose potentially significant financial and regulatory risks to the acquiring company. For this reason, new measures must be implemented in M&A transactions to protect both companies from today’s emerging cybersecurity epidemic.
Cyber insurance
The risk of a data breach now tops the list of concerns of many in-house counsel and C-suite executives. Cyber insurance is an important component in managing this risk and mitigating the damages and loss that follow a data breach.
Topics/Tags
Select- SEC
- Securities Regulation
- Securities Law
- Corporate Transparency Act
- Cybersecurity and Privacy Law
- Clawback Rules
- Nasdaq
- House Settlement
- NCAA
- NIL
- Sports
- Corporate Law
- IRS
- Coronavirus
- Tax Planning
- Cybersecurity Regulation
- EDGAR
- EDGAR Next
- SEC Enforcement
- Taxation
- Dodd-Frank
- Mergers & Acquisitions
- Paycheck Protection Program
- JOBS Act
- Corporate Tax
- Corporate Governance
- FAST Act
- Consumer Protection Act
- Economic Sanctions
- Ohio LLC Act
- Proxy Access Rules
- Securities Litigation
- Crowdfunding
- Conflict Minerals
- Cryptocurrency
- Hedging
- Real Estate Law
- Emerging Growth Companies
- Investors
- Pay Ratio Disclosure
- Whistleblower
- Private Offerings
- Intellectual Property
- Technology
- Opportunity Zone
- LIBOR
- Executive Compensation
- Health Care Act
- Accredited Investors
- Sales Tax
- United States Supreme Court
- Online Trading Platforms
- Wall Street Reform
- IPO
- Registration Statement
- Annual Reports
- Family-Controlled Entities
- Gift and Estate Transfers
- Ohio Foreclosure Reform
- Director Compensation
- Board of Directors
- Director Independence
- Cyber Insurance
- Data Breach
- Regulation A
- Regulation D
- Total Shareholder Return
- Lenders
- Receivership Statute
- Compensation Committee Certification
- CDEs
- CDFI Fund
- Community Development Entities
- Community Development Financial Institutions Fund
- Government Shutdown
- New Markets Tax Credit
- NMTC
- NMTC Financing
- Regulation Fair Disclosure
- Social Media
- Benefits
- Healthcare Reform
- Litigation
- Marketing
- Public Company Transition Rules
- Employment Incentives
- HIRE Act
- Social Security Tax
- Tax Credit
Recent Posts
- Ninth Circuit Warning: Silence in the Face of SEC Comment Letters May Bolster Section 12(a)(2) Claims
- House Settlement Approved: College Sports Transition into a New but Familiar Legal Era
- Checking the Box(es): SEC Issues New Guidance Clarifying Clawback Expectations
- Pay vs. Performance and Cybersecurity Disclosure Rules: Will the SEC Retract Rulemaking?
- Corporate Transparency Act Update: FinCEN Eliminates Reporting Obligations for U.S. Companies and U.S. Persons
- Corporate Transparency Act Update: FinCEN Will Not Enforce the CTA Until Interim Rule is Effective
- Corporate Transparency Act Update: Injunction Lifted - Corporate Transparency Act Back in Effect
- Corporate Transparency Act Update: FinCEN Says Reporting Obligations Remain On Hold
- Next Up in 2025: EDGAR Next
- Corporate Transparency Act Update: Supreme Court Stays Nationwide Injunction – CTA Reporting Obligations Back in Effect