Cyber Risk Archives

In Cybersecurity

CISOs, Internal Accounting Controls, Crown Jewels and Disclosure Procedures: Peeling Back The Onion of the Solar Winds Enforcement Action

November 7, 2023 by Peter Chan, Cynthia Cole, Brian Hengesbaugh, Manisha Reddy, Elizabeth Roper, Avi Toltzis, Jerome Tomas and Cyrus R. Vance Jr. 12 Mins Read

In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…

In Cybersecurity

Buyer Beware: Cyber Diligence in M&A

December 6, 2022 by Cyrus R. Vance Jr., Cynthia Cole and Alan Zoccolillo 5 Mins Read

Trillions of dollars are spent on M&A each year, yet reports suggest that less than 10% of deals integrate cybersecurity into the due diligence process.1 Despite the FBI and private watch dog groups raising multiple warning flags about ransomware groups hitting more and more companies in the middle of significant transactions like M&A, and despite increased focus from the FTC and the SEC on data security failures as legitimate reasons for shareholder and government enforcement…

In Cybersecurity

SEC Proposes Broad New Cybersecurity Risk Management Rules for Investment Advisers and Funds

February 11, 2022 by Amy Greer, Jennifer Klass, Valerie Mirko, Harry Valetk and Cyrus R. Vance Jr. 8 Mins Read

Commission Seeks Public Comment on Wide Range of Issues in Proposal On February 9, 2022, the Securities and Exchange Commission (SEC or Commission) voted 3-1, with Commissioner Peirce, the lone remaining Republican appointee opposed, to propose new rules under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of 1940 (Investment Company Act) related to cybersecurity risk management, reporting of breach events, and recordkeeping for registered investment advisers and investment funds.1 If…

In Cybersecurity

What You Don’t Have Can’t Hurt You – Reducing Cyber Risk Through Proper Data Management

February 3, 2022 by Amy Quackenbush and Lisa Douglas 9 Mins Read

As organizations continue to create more data and the threat of cyber risk continues to grow and evolve, businesses are trying to keep up with advancing technologies, find new ways to prepare for cyber-attacks, and mitigate the associated risks. While some of these actions typically occur in response to an attack (e.g. fixing exploited flaws and vulnerabilities, and upgrading technology to better monitor future threats), proper data management is critical to reducing the risks to…

In Data Breaches

International Regulatory Update: Asia Pacific

October 20, 2021 by Sonia Ong 1 Min Read

Navigating multiple regulatory frameworks requires cross-border awareness and cooperation by numerous teams when a data breach occurs across international borders. In this particular session on International Regulatory Updates (Asia Pacific), our Partner Sonia Ong shares her views on recent and pending regulatory developments, and the future of international data protection laws in the region particularly across Southeast Asia. This webinar is part of the virtual program of the Santa Monica Cyber Risk Summit organized by…