Kelly Donoghue – Debevoise Data Blog

Artificial Intelligence

Top 10 SEC Cyber/AI Blog Posts for 2024

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Eric T. Juergens, Arian June, Robert B. Kaplan, Erez Liebermann, Sheena Paul, Benjamin R. Pedersen, Marc Ponchione, Jeff Robins, Paul Rodel, Julie M. Riewe, Kristin Snyder, Jonathan R. Tuttle, Phil Fortino, Matt Kelly, Anna Moody, Stephan J. Schlegelmilch, Johanna Skrzypczyk, Suchita Mandavilli Brundage, Kelly Donoghue, Andreas A. Glimenakis, Alice Gu, John Jacob, Gabriel Kohan, Talia Lorch, Ciera Mandelsberg, Noah L. Schwartz, Ned Terrace and Mengyi Xu December 12, 2024

As we approach the end of the year, here are the Top 10 SEC Cyber/AI posts on the Debevoise Data Blog in 2024 by page views. If you are not…

Enforcement

SEC Charges Four Companies for Misleading Cyber Disclosures

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly, Anna Moody, Kelly Donoghue, Ciera Mandelsberg and Noah L. Schwartz October 28, 2024

On October 22, 2024, the U.S. Securities and Exchange Commission (the “SEC”) announced settled charges in separate actions against four technology companies—Avaya Holdings Corp. (“Avaya”), Check Point Software Technologies Ltd.…

Business

SEC Releases New Guidance on Material Cybersecurity Incident Disclosure

By: Paul Rodel, Benjamin R. Pedersen, Erez Liebermann, Eric T. Juergens, Anna Moody, John Jacob and Kelly Donoghue June 27, 2024

June 27, 2024 On June 24, 2024, the staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) released five new Compliance & Disclosure Interpretations…

Cybersecurity

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under…

SEC

Hackers Turned Whistleblowers: SEC Cybersecurity Rules Weaponized Over Ransom Threat

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Steven J. Slutzky, Jonathan R. Tuttle, Matt Kelly and Kelly Donoghue November 20, 2023

On November 7, 2023, the profilic ransomware group AlphV (a/k/a “BlackCat”) reportedly breached software company MeridianLink’s information systems, exfiltrated data and demanded payment in exchange for not publicly releasing the…

Regulation

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the…

Cybersecurity

SEC Adopts New Cybersecurity Rules for Issuers

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Mengyi Xu July 28, 2023

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused…