In July 2023, the US Securities and Exchange Commission (SEC) took a significant step by adopting new regulations regarding cybersecurity incident and risk management reporting. This presentation will explore the ramifications of these regulations in the first year since their adoptions. Specifically, there will be: (1) an overview of the regulations as adopted; (2) a discussion of real and hypothetical legal activity relating to these regulations (including an update on Solar Winds); and (3) practical tips for cybersecurity professionals on how to integrate best practices into their current roles.

Learning Objectives:

• At the end of this session, participants will have a high-level understanding of the July 2023 SEC cybersecurity disclosure rules
• During this session, participants will be able to have a discussion about pending case studies such as Solar Winds and weigh in on the strength of disclosures in hypothetical case studies
• At the end of this session, participants will leave with practical tips for compliance, including board communication considerations