Cybersecurity

Subscribe to Cybersecurity via RSS

The following is part of our annual publication Selected Issues for Boards of Directors in 2025Explore all topics or download the PDF.

The SEC pursued multiple high profile enforcement actions in 2024, alongside issuing additional guidance around compliance with the new cybersecurity disclosure rules. Together these developments demonstrate a continued focus by the SEC on robust disclosure frameworks for cybersecurity incidents. Public companies will need to bear these developments in mind as they continue to grapple with cybersecurity disclosure requirements going into 2025.Continue Reading Cybersecurity Disclosure and Enforcement Developments and Predictions

2025 promises to be another turbulent year for boards of directors. On the heels of a historically unprecedented election, companies are still ramping up compliance with the ambitious agenda of the outgoing administration while simultaneously bracing for the changes promised by the next one. Against that backdrop, colleagues from across Cleary’s offices have zeroed-in on the impact of the issues that boards of directors and senior management of public companies have faced in the past year, as well as on what can be anticipated in the year to come.Continue Reading Selected Issues for Boards of Directors in 2025

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

Continuing global trends to protect consumer privacy and rein in the exploitation of personal data by organizations, 2023 saw an explosion of comprehensive privacy laws, amendments to existing laws and a proliferation of targeted regulations around the world. Continue Reading Privacy and Data Protection Compliance Will Become More Fragmented in 2024

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity.  In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents.  The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser-focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024.Continue Reading Crossing a New Threshold for Material Cybersecurity Incident Reporting

As 2024 gets off to a busy start, companies, boards and management teams are facing a host of new and developing business issues and a large array of regulatory developments, from new and growing risks and opportunities from the adoption of artificial intelligence, to ever-changing ESG issues and backlash, as well as enhanced focus on government enforcement and review. As has become a tradition, we have asked our colleagues from around our firm to boil down those issues in their fields that boards of directors and senior management of public companies will be facing in the coming year, yielding focused updates in eighteen topics that will surely feature at the top of board agendas throughout the year.Continue Reading Selected Issues for Boards of Directors in 2024

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world

Last month, the U.S. Securities and Exchange Commission issued a proposal to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance. Among other changes, the SEC’s proposal would require disclosure about material cybersecurity incidents within four business days and require annual disclosure regarding a registrant’s policies and

Almost two years into the COVID-19 pandemic, it is clear that the corporate workplace has changed for good. As the world continues to reopen and companies return to the office, what we are returning to is not business as usual, but a new future of work – a future characterized by a shift from the traditional workplace to remote and hybrid models that provide opportunities to work in effective and efficient ways from anywhere.
Continue Reading Returning to the Future of Work: Considerations for the Virtual Board Room in the ‘Post’-Pandemic Era