Photo of Anna T. Pinedo

Anna Pinedo is a partner in Mayer Brown’s New York office and a member of the Corporate & Securities practice. She concentrates her practice on securities and derivatives. Anna represents issuers, investment banks/financial intermediaries and investors in financing transactions, including public offerings and private placements of equity and debt securities, as well as structured notes and other hybrid and structured products.

Read Anna's full bio.

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received

On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1

Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,

On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,

On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals

This practice note identifies cybersecurity risk disclosures that offer detailed discussions on the potential reputational, financial, or operational harm resulting from cybersecurity breaches as well as the potential litigation or regulatory costs, policies, and procedures in addressing cybersecurity risks. This piece concludes with practical advice on how to prepare and enhance the required disclosures on

On February 21, 2018, the US Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.1 The guidance updates and expands upon CF Disclosure Guidance: Topic No. 22, which was issued by the staff of the SEC’s Division of Corporation Finance (Staff)