Understanding the New SEC Requirements for Cybersecurity Incident Reporting - McDermott Will & Emery
MWE Logo
|

Understanding the New SEC Requirements for Cybersecurity Incident Reporting

Overview



During this webinar, Partners Stephen Reynolds and Dan Woodard and Associate Charles Darantiere discussed the new US Securities and Exchange Commission (SEC) disclosure requirements for cybersecurity incidents.

Top takeaways from the webinar include:

  • When a public company experiences a cybersecurity incident, response procedures should be implemented promptly, including early communications with law enforcement.
  • Disclosure on Form 8-K are not required until a materiality determination has been made; public companies should make such determination without unreasonable delay, in consultation with external advisors and law enforcement.
  • Materiality determinations should involve careful consideration of both quantitative and qualitative factors, with contemporaneous documentation of such analysis.
  • When providing disclosure on Form 8-K, public companies should avoid specifying metrics or facts that are subject to ongoing change to avoid misleading omissions or the creation of a duty to update.

Stay Connected

Subscribe Follow Us on LinkedIn Contact Us

Dig Deeper

Washington, DC / Speaking Engagements / October 23-25, 2024

Privacy + Security Forum Fall Academy 2024

Los Angeles, CA / Speaking Engagements / September 21-22, 2024

IAPP Privacy. Security. Risk. 2024

Webinar / McDermott Webinar / September 18, 2024

Privacy Legislation: What to Know from 2024 and Predictions for 2025

Webinar / McDermott Event / September 12, 2024

The Data Act: Myths, Realities and Uncertainties

Cambridge, United Kingdom / Speaking Engagements / July 1-3, 2024

Privacy Laws & Business | 37th International Conference

Trier, Germany / Speaking Engagements / June 3-12, 2024

ERA Young Lawyers European Academy

Get In Touch