Understanding the New SEC Requirements for Cybersecurity Incident Reporting - McDermott Will & Emery

Understanding the New SEC Requirements for Cybersecurity Incident Reporting

Overview




During this webinar, Partners Stephen Reynolds and Dan Woodard and Associate Charles Darantiere discussed the new US Securities and Exchange Commission (SEC) disclosure requirements for cybersecurity incidents.

Top takeaways from the webinar include:

  • When a public company experiences a cybersecurity incident, response procedures should be implemented promptly, including early communications with law enforcement.
  • Disclosure on Form 8-K are not required until a materiality determination has been made; public companies should make such determination without unreasonable delay, in consultation with external advisors and law enforcement.
  • Materiality determinations should involve careful consideration of both quantitative and qualitative factors, with contemporaneous documentation of such analysis.
  • When providing disclosure on Form 8-K, public companies should avoid specifying metrics or facts that are subject to ongoing change to avoid misleading omissions or the creation of a duty to update.

Dig Deeper

Coral Gables, FL / Speaking Engagements / November 13-15, 2024

Consero's Chief Privacy Officer Forum

New Orleans, LA / Speaking Engagements / November 6-8, 2024

Cambridge Forum on Health Data Privacy & Emerging Issues

San Francisco, CA / McDermott Event / October 29, 2024

Founder and Investor Happy Hour During TechCrunch Disrupt 2024

Washington, DC / Speaking Engagements / October 23-25, 2024

Privacy + Security Forum Fall Academy 2024

Get In Touch