On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining the incident is material. GT wrote about the proposed rule shortly after it was released in March 2022. For context, Commissioner Caroline Crenshaw noted, in connection with the adoption of the rule, that, “cybersecurity breaches reported by public companies increased by nearly 600% in the last decade and the costs, borne by issuers and their investors, are estimated to be in the trillions of dollars per year in the U.S. alone.”

Continue reading the full GT Alert.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jena M. Valdetero Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against…

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on privacy and cyber risks associated with mergers and acquisitions, venture capital, and securities. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.

Photo of Steven M. Malina Steven M. Malina

Steven M. Malina, a former Senior Attorney in the SEC’s enforcement branch, focuses his practice on a variety of litigation and regulatory matters with representations of financial services industry clients, hedge fund matters, and securities and general commercial litigation. He represents officers, directors,

Steven M. Malina, a former Senior Attorney in the SEC’s enforcement branch, focuses his practice on a variety of litigation and regulatory matters with representations of financial services industry clients, hedge fund matters, and securities and general commercial litigation. He represents officers, directors, broker-dealers, investment advisors, commercial banks, investment banks, investment management firms, and public issuers in investigations and disciplinary proceedings initiated by the SEC, CFTC, FINRA, FDIC, NYSE, CBOE, CME, and state regulators. In addition, Steve represents clients in related investor class-action, derivative, and other litigation and arbitration. He has also conducted internal investigations on behalf of publicly traded companies and represented committees and executive officers in internal investigations. Steve has represented brokerage firms and their management in customer-initiated cases, and injunction and arbitration proceedings.

Prior to entering private practice, Steve served as First Vice President and Deputy Regional Counsel for a large financial corporation and was a Senior Attorney in the Branch of Enforcement of the U.S. Securities and Exchange Commission.