“The SEC is inching closer to clarity on cybersecurity requirements” by Jonathan D. Uslaner and Jasmine Cooper-Little Published in Reuters
April 20, 2023
In this Reuters article, “The SEC is inching closer to clarity on cybersecurity requirements,” BLB&G Partner Jon Uslaner and Associate Jasmine Cooper-Little consider the SEC’s promising start in protecting investors from harmful cyber incidents, and the department’s cybersecurity-focused agenda.
In 2022, the SEC nearly doubled the size of its Enforcement Division's Cyber and Crypto Assets Unit. Since that time, the unit has brought enforcement actions against several SEC-regulated entities for failing to maintain adequate cybersecurity controls and for failing to appropriately disclose cyber-related risks and incidents. Jon and Jasmine note that the SEC is also bringing forth enforcement actions against individuals for wrongdoing related to cybersecurity breaches. These SEC enforcement actions have resulted in charges, fines, and settlements for both groups.
At present, shareholders await the SEC’s decision regarding a rule proposed in March 2022, which, among other things, would: (1) further enhance and standardize disclosure requirements regarding cybersecurity risk management, strategy, governance, and incident reporting, (2) require public companies to report material cybersecurity incidents on Form 8-K, (3) mandate periodic disclosures regarding a registrant's policies and procedures to identify and manage cybersecurity risks, management's role in implementing cybersecurity policies and procedures, and the board of directors' cybersecurity expertise, if any, and (4) require companies to provide updates about previously reported cybersecurity incidents.
Jon and Jasmine also evaluate the SEC’s continuing momentum. Most notably, in March 2023, the agency reopened the comment period for proposed rules and amendments related to cybersecurity risk management and cybersecurity-related disclosure for registered investment advisers, registered investment companies, and business development companies. The SEC’s energetic pursuit of a more cohesive cybersecurity regulatory regime continues, but the implications for the regulated entities and public companies under its jurisdiction remains to be seen.
- Publications "Nasdaq's Board Diversity Rules: Inclusivity is Good Business" by Jonathan D. Uslaner and Thomas Sperber Published in Reuters February 15, 2022 Learn More
- Publications “2022 Developments for Auditor Regulation Under the U.S. Securities Laws” by John Rizio-Hamilton, Jesse L. Jensen, and Jasmine Cooper-Little Published in The Review of Securities & Commodities Regulation January 27, 2023 Learn More
- Publications "Forewarned is forearmed: shareholders to benefit from new SEC climate disclosure rules" by Jonathan D. Uslaner Published in Reuters May 9, 2022 Learn More
- Publications “The SEC's run at revamping Rule 10b5-1 to deter insider trading” by Jonathan D. Uslaner and Caitlin Bozman Published in Reuters January 26, 2023 Learn More
- Publications "SEC Whistleblower Program Seeing Renewed Support Under Biden Administration" by Jonathan Uslaner and Lauren Cruz Published in Reuters November 29, 2021 Learn More
- Publications "Will the SEC's proposed climate risk disclosure rules survive Supreme Court scrutiny?" by Jonathan D. Uslaner and Will Horowitz Published in Reuters August 9, 2022 Learn More
- Publications "Gaming the System: Corporate Disclosures and Information Bundling" by Jonathan D. Uslaner published in Reuters September 9, 2021 Learn More
- Publications "Is any lead plaintiff better than no lead plaintiff? Some courts say no" by Jonathan D. Uslaner and Scott Foglietta Published in Reuters October 26, 2022 Learn More