Paul Rodel – Debevoise Data Blog

Artificial Intelligence

Top 10 SEC Cyber/AI Blog Posts for 2024

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Eric T. Juergens, Arian June, Robert B. Kaplan, Erez Liebermann, Sheena Paul, Benjamin R. Pedersen, Marc Ponchione, Jeff Robins, Paul Rodel, Julie M. Riewe, Kristin Snyder, Jonathan R. Tuttle, Phil Fortino, Matt Kelly, Anna Moody, Stephan J. Schlegelmilch, Johanna Skrzypczyk, Suchita Mandavilli Brundage, Kelly Donoghue, Andreas A. Glimenakis, Alice Gu, John Jacob, Gabriel Kohan, Talia Lorch, Ciera Mandelsberg, Noah L. Schwartz, Ned Terrace and Mengyi Xu December 12, 2024

As we approach the end of the year, here are the Top 10 SEC Cyber/AI posts on the Debevoise Data Blog in 2024 by page views. If you are not…

Cybersecurity

Internal Accounting Controls Claim Rejected in SolarWinds Case

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Paul Rodel, Matt Kelly, Anna Moody, Alice Gu and Talia Lorch July 23, 2024

On July 18, 2024, in the landmark SEC v. SolarWinds Corp. case, U.S. District Judge Paul Engelmayer dismissed the majority of the claims brought by the U.S. Securities and Exchange Commission (the…

Business

SEC Releases New Guidance on Material Cybersecurity Incident Disclosure

By: Paul Rodel, Benjamin R. Pedersen, Erez Liebermann, Eric T. Juergens, Anna Moody, John Jacob and Kelly Donoghue June 27, 2024

June 27, 2024 On June 24, 2024, the staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) released five new Compliance & Disclosure Interpretations…

Cybersecurity

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under…

SEC

SEC Cybersecurity Rules for Issuers – Part 4: FBI, DOJ and SEC Publish Guidance on Disclosure Delays

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Michael R. Roberts, Paul D. Lowry and Alice Gu December 18, 2023

The SEC’s new cybersecurity rules for public companies became effective on December 18, 2023. The rules require disclosure of a cybersecurity event within four business days of a determination that it…

Regulation

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the…

Cybersecurity

SEC Adopts New Cybersecurity Rules for Issuers

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Mengyi Xu July 28, 2023

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused…

Cybersecurity

SEC Levies $1 Million Penalty for Allegedly Misleading Cybersecurity Incident Disclosures

By: Jeremy Feigelson, Avi Gesser, Paul Rodel, Charu A. Chandrasekhar, Joshua M. Samit and Corey Goldstein August 18, 2021

The U.S. Securities and Exchange Commission this week took the rare step of penalizing a company for its allegedly poor disclosure of a cyber incident. The SEC announced a $1…

Enforcement

Companies Face Increased Sanctions Risk for Making Ransomware Payments — Takeaways from the Latest OFAC and FinCEN Advisories

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Satish Kini, Paul Rodel, David Sewell, Martha Hirst, Robert Maddox, Zila Reyes Acosta-Grimes and Mengyi Xu October 6, 2020

Earlier this year, we shared a list of 13 technical and nontechnical measures companies can adopt to mitigate the risks of ransomware attacks. With ransomware and other malicious cyber-related attacks…