Elizabeth E. McGinn extensively quoted in Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 8-K incident mandate”
Cybersecurity Law ReportElizabeth E. McGinn
The Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 8-K incident mandate,” examined the SEC’s proposed rules to give investors a better view of how public companies are tackling risks around cybersecurity and better compare companies’ cyber efforts. The new mandate requires companies to provide details on their cybersecurity programs. In addition, following a cyber incident, companies must rapidly analyze the materiality of each event and disclose qualifying events in an 8‑K filing.
McGinn noted that in-house counsel hope the final rule supplies more guidance to clarify the materiality determinations that they need to make rapidly. “People are seeking more details around that required analysis.” With regard to companies checking their digital security escalation procedures, McGinn recommended that all employees who deal with cybersecurity issues have a clear understanding of the escalation framework, and that it has been tested. “This is a good time to review whether escalation plans need to be tweaked, and to see if there are more resources to put in this area.”
When asked about potential changes in rules and regulations, McGinn shared that with every new rule companies need to check their previous plans, noting that companies cannot just “rest on what they have done in the past, no matter how much effort they have already dedicated to practicing it before.”
Click here to read the full article. Subscription required.