SEC Cybersecurity Disclosure Rules Archives

New SEC Disclosure Rules Can Help Cybersecurity: Lessons from SolarWinds

William Gamble November 30, 2023

The SEC (Securities and Exchange Commission) voted to accept a final rule on cybersecurity risk management, strategy, governance, and incident disclosure on July 26, 2023. The rule covered disclosures in Form 10-K for annual disclosures and Form 8-K for ongoing …

[Continue Reading...]

SEC Relies on Old Cause of Action for New Hack

William Gamble November 16, 2023

On October 30, 2023, the SEC (Securities and Exchange Commission) filed an action against SolarWinds and its CISO, Timothy Brown. This was hardly a surprising move. According to public statements, the Russian intelligence service, the SVR, used a new and …

[Continue Reading...]

SEC Charges SolarWinds and its CISO with Fraud

Neil Ford November 3, 2023

The SEC (Securities and Exchange Commission) has charged the software company SolarWinds and its CISO (chief information security officer), Timothy G. Brown, with fraud and internal control failures relating to its cybersecurity practices. In a press release dated October 30, …

[Continue Reading...]

An Introduction to the SEC Cybersecurity Disclosure Rules and Who Needs to Comply

Neil Ford October 26, 2023

On July 26, 2023, the SEC (Securities and Exchange Commission) adopted new rules on cybersecurity disclosures. They came into effect on September 5, and begin to apply from December 15 – although compliance dates vary depending on the type of …

[Continue Reading...]