Aug. 17, 2022

SEC Cyber Rules: How to Prepare for the New 10-K Disclosure Mandates

The SEC has proposed new annual cybersecurity disclosures that promise to launch a new era of obligatory transparency for all public companies. Companies will have to share the ingredients of their cybersecurity programs and governance, allowing the whole world, not only regulatory staff, to judge how seriously a company is addressing cyber threats. This second article in a two-part series looks at how companies can prepare for these imminent Form 10-K standards, including how to establish board and management engagement with cybersecurity and to measure the financial impacts of cyber risk. Part one detailed how to get ready for the imminent SEC requirement that victim companies rapidly disclose each material cyber incident in Form 8-K filings. See “Takeaways From the SEC’s Enhanced Cybersecurity Disclosure Regime for Public Companies” (Apr. 6, 2022).

Understanding and Implementing DoD’s Cybersecurity Requirements

In an attempt to bridge the gap until the Cybersecurity Maturity Model Certification program rolls out, the U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant contractors. With insight from experts at Holland & Knight, Covington and McCarter & English, we discuss key components of the DoD’s memorandum and what lies ahead, and we offer practical advice for government contractors and sub-contractors to overcome common compliance obstacles. See our two-part series on getting started with CMMC: “Understanding Goals, Requirements and Challenges” (Jan. 27, 2021); and “How to Prepare and What to Expect From the Assessment” (Feb. 3, 2021).

The SEC’s 2022 Reg Flex Agendas: Major Proposals and Ambitious Timelines

Following the flurry of rulemaking at the start of 2022, which fulfilled some of the items on SEC Chair Gensler’s first agendas released last summer, the SEC recently released “Reg Flex” short‑term and long‑term agendas, which spell out the agency’s priorities for the near future. This article provides an overview of the latest Reg Flex agendas, which include a focus on cybersecurity enforcement at the proposed and final rule stages, assesses the key takeaways and discusses criticism by Commissioner Hester M. Peirce. See “Present and Former SEC Officials Discuss the Commission’s Latest Examination and Enforcement Tactics and Priorities” (Jun. 29, 2022).

Octillo Bolsters Data Security Practice

Dafina Buçaj has joined Octillo as an attorney in the firm’s data security and privacy compliance and regulatory advisory practice.

Freeh Sporkin & Sullivan to Welcome Former U.S. Attorney for Eastern District of Pennsylvania

Jennifer Arbittier Williams, a former U.S. Attorney for the Eastern District of Pennsylvania and Chief of the National Security and Cybercrime Unit, will join Freeh Sporkin & Sullivan in early September as a partner.