Debevoise Data Blog – Page 29

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under the new Item 1.05 of Form 8-K (“Item 1.05”).[1] After the first 100 days of mandatory cybersecurity incident reporting, we examine the early results of the SEC’s new disclosure requirement.…

AI Enforcement Starts with Washing: The SEC Charges its First AI Fraud Cases

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Avi Gesser, Arian June, Robert B. Kaplan, Julie M. Riewe, Jeff Robins, Kristin Snyder, Jonathan R. Tuttle, James Amler, Phil Fortino, Matt Kelly, Anna Moody, Stephan J. Schlegelmilch, Gabriel Kohan and Corey Goldstein March 19, 2024

On March 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced settled charges against two investment advisers, Delphia (USA) Inc. (“Delphia”) and Global Predictions Inc. (“Global Predictions”) for making false and misleading statements about their alleged use of artificial intelligence (“AI”) in connection with providing investment advice. These settlements are the SEC’s first-ever cases charging violations of the antifraud…

NIST Releases Most Significant Update to Cybersecurity Framework Since 2014

By: Avi Gesser, Erez Liebermann, Michael R. Roberts, HJ Brehmer and Annabella M. Waszkiewicz March 14, 2024

On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of the Cybersecurity Framework (“Version 2.0” or the “Framework”). We previously wrote about proposed changes to the Framework, which has become an important industry standard for assessing cybersecurity maturity of organizations and managing cybersecurity risk. Version 2.0’s enhanced guidance, and particularly its…

Webcast – CFTC Proposed Rulemaking for an Operational Resilience Framework

By: Erez Liebermann, Caroline Novogrod Swett, Robert Maddox and Stephanie Thomas March 7, 2024

On March 15, 2024, Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie Thomas from our Data Strategy and Security and Banking Groups hosted the next installment of our Data Security Webcast, where they delved into the Commodity Futures Trading Commission’s (“CFTC”) notice of proposed rulemaking for an operational resilience framework for futures commission merchants, swap dealers, and major swap participants…

Announcing the Debevoise Tracker for Cybersecurity Incident Disclosure on Form 8-K

By: Avi Gesser, Benjamin R. Pedersen, John Jacob and Talia Lorch March 6, 2024

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of Form 8-K requires U.S. public companies to disclose material cybersecurity incidents. We have been tracking Form 8-K filings under the new SEC requirements since the rules went into effect on…