On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received
Securities and Exchange Commission (SEC)
Blackbaud Inc. to Pay $3 Million to SEC for Alleged Misleading Disclosures in 2020 Ransomware Attack
On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1
Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,…
US SEC Cyber Risk Management Proposed Rules: Analysis for Investment Advisers, Investment Companies, BDCs and Broader Implications for Private Sector
On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of…
SEC Proposes New Rules on Public Company Cybersecurity Disclosures
On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,…
SEC Proposes Amendments That Would Place New Cybersecurity Reporting and Disclosure Requirements on Public Companies
On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals…
SEC Proposals Would Significantly Impact Private Fund Advisers and Impose New Cybersecurity Requirements on Registered Advisers and Funds, including BDCs
On February 9, 2022, the US Securities and Exchange Commission (SEC) voted to propose several new rules and amendments to existing rules that would significantly alter the current requirements for investment advisers and funds, with one proposal specifically focused on private funds and the other focused on cybersecurity.
Trends for Technology Transactions
In the 2022 edition of our long-running annual podcast, partners in Mayer Brown’s Technology Transactions practice will discuss trends that will drive and shape technology transactions. This year’s program will focus on convergence of cloud, AI and data; innovation through new and complex collaborations; continued change in cybersecurity and privacy laws and priorities; increasing focus…
Cybersecurity Incident Response Developments and Trends for Financial Services Companies
2020 and 2021 saw sophisticated, coordinated cyber attacks affect some of the largest companies in the world. In the wake of these attacks, the Biden Administration and federal regulators—as well as businesses within the financial sector—are highly focused on cybersecurity. With a rapidly changing landscape, financial services companies are working hard to prepare for cyber…
US Securities and Exchange Commission Increases Focus on Cybersecurity
This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions, as…