Understanding the New SEC Requirements for Cybersecurity Incident Reporting - McDermott Will & Emery

Understanding the New SEC Requirements for Cybersecurity Incident Reporting


During this webinar, Partners Stephen Reynolds and Dan Woodard and Associate Charles Darantiere discussed the new US Securities and Exchange Commission (SEC) disclosure requirements for cybersecurity incidents.

Top takeaways from the webinar include:

  • When a public company experiences a cybersecurity incident, response procedures should be implemented promptly, including early communications with law enforcement.
  • Disclosure on Form 8-K are not required until a materiality determination has been made; public companies should make such determination without unreasonable delay, in consultation with external advisors and law enforcement.
  • Materiality determinations should involve careful consideration of both quantitative and qualitative factors, with contemporaneous documentation of such analysis.
  • When providing disclosure on Form 8-K, public companies should avoid specifying metrics or facts that are subject to ongoing change to avoid misleading omissions or the creation of a duty to update.

Dig Deeper

Cambridge, United Kingdom / Speaking Engagements / July 1-3, 2024

Privacy Laws & Business | 37th International Conference

Trier, Germany / Speaking Engagements / June 3-12, 2024

ERA Young Lawyers European Academy

Los Angeles, CA / Speaking Engagements / June 6-7, 2024

USC Gould / Analysis Group Global Competition Law Thought Leadership Conference

Webinar / McDermott Event / June 6, 2024

EU Data Act | Impact for Japanese Companies

Washington, DC / Speaking Engagements / May 8-10, 2024

2024 Privacy + Security Spring Academy

Get In Touch