Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Potential Legal Pitfalls for Public Companies Due to SEC's New Cybersecurity Rules

By Tommy Smith
August 01, 2023

The Security and Exchange Commission's (SEC) march toward putting stringent cybersecurity disclosure requirements in place for public companies and covered entities reached its endpoint last month. Some 16 months after first proposing rules for public companies and investment advisors, the SEC adopted new rules, chief among them that public companies disclose material cybersecurity breaches to investors within four days.

As SEC Chair Gary Gensler explained in a press release, "Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way." But as John Loyal and Jerry Bessette explain, the reporting rule carries with it potential plusses and minuses — among the latter, the potential to misinform investors and hinder the process of containing the breach.

Incident Disclosure and Timing

One of the standout elements of the new rules is an amendment to Form 8-K, which is used to notify investors of specific events—think a departing CEO or bankruptcy filing—that are too time-sensitive to be held until quarterly or annual reports. The discovery of a material cybersecurity incident will now be an event that requires an Item 1.05 Form 8-K filing within four business days of a public company determining the cybersecurity incident was material (as opposed to when it was first discovered). The one exception permitted is if the United States Attorney General notifies the SEC that such an immediate disclosure would pose a substantial risk to national security or public safety.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Anti-Assignment Override Provisions Image

UCC Sections 9406(d) and 9408(a) are one of the most powerful, yet least understood, sections of the Uniform Commercial Code. On their face, they appear to override anti-assignment provisions in agreements that would limit the grant of a security interest. But do these sections really work?