May 9, 2023
Click for PDF
It is no secret among public companies and their counsel that the US Securities and Exchange Commission has steadily adopted a more aggressive stance on cybersecurity controls and disclosure and incident response recordkeeping. SEC Senior Counsel Arsen Ablaev recently highlighted the Commission’s cybersecurity priorities at the annual Incident Response Forum Masterclass. SEC Chair Gary Gensler also emphasized risks in cyber and information security in the March 29 budget hearing with the House Appropriations Committee, and endorsed U.S. President Joe Biden’s request to earmark a record $2.4 billion in funding for the regulator in 2024. Last month saw yet another example of the SEC’s mounting focus on cyber disclosures as an enforcement priority with the announcement that cloud computing company Blackbaud agreed to pay a $3-million civil penalty to settle administrative charges for alleged “materially misleading disclosures” about a 2020 ransomware attack.
As we foreshadowed in our 2023 U.S. Cybersecurity and Data Privacy Outlook and Review, the increase in SEC enforcement resources (e.g.,…
