The Securities and Exchange Commission (“SEC”) recently filed charges against SolarWinds for allegedly misleading investors regarding the company’s security posture and failing to fully disclose a material cyberattack to investors. Investigators allege that in March 2020,...

The National Institute of Standards and Technology (NIST) continues the process of refreshing the consensus-based “Framework for Improving Critical Infrastructure Cybersecurity,” often referred to as simply the “Cybersecurity Framework” or “CSF.”  Initially published in 2014,...

On July 26, the Securities and Exchange Commission (“SEC”) adopted final rules demanding new cybersecurity requirements for all public companies.  These new rules stem from a March 2022 proposal that—in the SEC’s view—attempts to correct...

The SEC recently announced a delay in the anticipated release of a new regulation that would require public companies to file a Form 8-K regarding material cybersecurity incidents within four days of discovering the incident....

On January 4th, the Office of Information and Regulatory Affairs released the Fall 2022 Unified Agenda of Regulatory and Deregulatory Actions (yes, the “Fall 2022” agenda was published in January 2023), including short and long-term...

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released a new report, entitled Cybersecurity and Resiliency Observations, which stands as their most detailed and comprehensive information security guidance to date....

The SEC has issued a “Framework for ‘Investment Contract’ Analysis of Digital Assets” (the ‘Framework’) that provides the Division of Corporation Finance’s guidance on how to evaluate whether digital assets are “investment contracts,” which are a...

The Securities and Exchange Commission (“SEC”) recently announced a $388,000 settlement with the founder of EtherDelta, a digital “token” trading platform, for operating an unregistered cryptocurrency exchange. This is the first enforcement action of its...

The SEC and Voya Financial Services recently reached a $1 million settlement, stemming from a 2016 security incident in which individuals impersonating Voya’s independent contractors were able to gain access to the PII (including full...