by Helena K. Grannis, Rahul Mukhi, Jonathan S. Kolodner, Tom Bednar, Nina E. Bell, and James P. Abate
In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity. In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents. The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser- focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024. Continue reading