On May 21, 2024, Erik Gerding, the Director of the Division of Corporation Finance at the U.S. Securities and Exchange Commission (SEC), released a statement (statement) on the disclosure of cybersecurity incidents. This statement relates to disclosures made under new Item 1.05 of Form 8-K, which was adopted by the SEC in July 2023,[1] and requires companies to disclose information relating to material cybersecurity incidents within four business days of determining that the incident is material. For more information on the cybersecurity rules, please see our previous Client Alert.Continue Reading Corp Fin Issues Guidance on Disclosure of Cybersecurity Incidents

As a follow up to yesterday’s post, our recent Client Alert discusses new guidance from the FBI, DOJ, and SEC on requesting a delay to Form 8-K disclosures for material cybersecurity incidents that pose a substantial risk to national security or public safety.  Our client alert discusses the process the FBI has established to request the delay, the approach the DOJ will take when evaluating whether to authorize the delay, and new Compliance and Disclosure Interpretations (CDIs) issued by the SEC’s Division of Corporation Finance regarding this national security and public safety exception.

Continue Reading New Guidance on Delayed Disclosure of Material Cybersecurity Incidents

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring that public companies report material cybersecurity incidents under new Item 1.05 of Form 8-K, and disclose information regarding their cybersecurity risk management, strategy, and governance in annual reports on Form 10-K. Foreign private issuers are subject to similar disclosure requirements in Forms 6-K and 20-F. Although the final rules were effective this past September, the SEC provided for transition periods for compliance with the new disclosure requirements, which transition periods will end soon.

Continue Reading Reminder: Material Cybersecurity Incident Reporting Required December 18, 2023

Join Wilson Sonsini for its 2023 Public Company General Counsel Webinar Series. Throughout November, Wilson Sonsini will host three virtual sessions on new SEC governance and disclosure requirements, including clawback policies, cybersecurity governance and disclosure, and share repurchase disclosure. To attend any of the three sessions, please register here.

Continue Reading Webinar Series Alert | Navigating New SEC Rules: November 1, 15, 29

Partner Tamara Brightwell recently joined the Diligent Institute to discuss the 2023 proxy season and recent regulatory developments at the SEC. She discussed a broad range of topics, including takeaways from this past proxy season, the SEC’s new cybersecurity disclosure rules, and considerations for public company boards in light of

Continue Reading Inside Today’s Boardrooms | 2023 Proxy Season and Regulatory Recap

On July 19, 2023, the U.S. Securities and Exchange Commission (SEC) announced that it will hold an open meeting on Wednesday, July 26, 2023, to consider whether to adopt rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to

Continue Reading SEC Announces Open Meeting to Consider Cybersecurity Rules

The U.S. Securities and Exchange Commission’s (SEC) 2023 Spring Unified Agenda of Regulatory and Deregulatory Actions was released last month and includes an anticipated action date for finalizing rules for cybersecurity disclosure by public companies by October 2023. Our recent Client Alert, published by our Privacy and Cybersecurity practice

Continue Reading Preparing for the SEC’s Cybersecurity Disclosure Rules