On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,

On June 11, 2021, the US Securities and Exchange Commission (“SEC” or “Commission”) announced that it would focus on cybersecurity disclosures made by public companies as part of its regulatory agenda. Given the SEC’s continued interest in cybersecurity issues, high-profile ransomware attacks and executive orders issued by President Biden, it is no surprise that the

This practice note identifies cybersecurity risk disclosures that offer detailed discussions on the potential reputational, financial, or operational harm resulting from cybersecurity breaches as well as the potential litigation or regulatory costs, policies, and procedures in addressing cybersecurity risks. This piece concludes with practical advice on how to prepare and enhance the required disclosures on

On June 11, 2021, the US Securities and Exchange Commission (“SEC” or “Commission”) announced that it would focus on cybersecurity disclosures made by public companies as part of its regulatory agenda.1 Given the SEC’s continued interest in cybersecurity issues, high-profile ransomware attacks and executive orders issued by President Biden, it is no surprise

This market trends article identifies comprehensive disclosures related to cybersecurity risks, including discussions about the potential reputational, financial, or operational harm resulting from cybersecurity breaches; the potential associated litigation or regulatory costs; and their policies and procedures addressing cybersecurity incidents, and concludes with practical advice on preparing the required disclosures regarding cybersecurity risks and incidents.

On February 21, 2018, the US Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.1 The guidance updates and expands upon CF Disclosure Guidance: Topic No. 22, which was issued by the staff of the SEC’s Division of Corporation Finance (Staff)

The compliance date is fast approaching for the US Securities and Exchange Commission’s recently adopted amendments to Form ADV. Initial or amended Form ADVs filed on or after October 1, 2017 (with limited exception, as discussed in this Legal Update) must comply with the amendments. Among other things, the amendments require advisers to provide additional