Paul Rodel – Debevoise Data Blog

Regulation

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the…

Cybersecurity

SEC Adopts New Cybersecurity Rules for Issuers

By: Charu Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Mengyi Xu July 28, 2023

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused…

Cybersecurity

SEC Levies $1 Million Penalty for Allegedly Misleading Cybersecurity Incident Disclosures

By: Jeremy Feigelson, Avi Gesser, Paul Rodel, Charu Chandrasekhar, Joshua M. Samit and Corey Goldstein August 18, 2021

The U.S. Securities and Exchange Commission this week took the rare step of penalizing a company for its allegedly poor disclosure of a cyber incident. The SEC announced a $1…

Enforcement

Companies Face Increased Sanctions Risk for Making Ransomware Payments — Takeaways from the Latest OFAC and FinCEN Advisories

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Satish Kini, Paul Rodel, David Sewell, Martha Hirst, Robert Maddox, Zila Reyes Acosta-Grimes and Mengyi Xu October 6, 2020

Earlier this year, we shared a list of 13 technical and nontechnical measures companies can adopt to mitigate the risks of ransomware attacks. With ransomware and other malicious cyber-related attacks…