Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Client Alerts 32 results

Client Alert | 5 min read | 12.19.23

FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures

Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”) in response to the SEC’s finalized disclosure rules (the “Final Rules”). Published on July 26, 2023, the Final Rules established guidelines around cybersecurity risk management, strategy, governance, and incidents for public companies subject to the Securities Exchange Act of 1934. Among several requirements under the Final Rules, companies are required to disclose cybersecurity incidents within four days of a materiality determination by filing an SEC Form 8-K.
...

Client Alert | 3 min read | 11.08.23

Uncharted Territory: The SEC Sues SolarWinds and its CISO for Securities Laws Violations in Connection with SUNBURST Cyberattack

On October 30, 2023, the Securities and Exchange Commission (the “SEC”) filed a civil lawsuit charging SolarWinds Corporation (“SolarWinds” or the “Company”) and its chief information security officer, Timothy G. Brown (“Brown”), with securities fraud, internal controls failures, misleading investors about cyber risk, and disclosure controls failures, among other violations.  The SEC’s claims arise from allegedly known cybersecurity risks and vulnerabilities at SolarWinds associated with the SUNBURST cyberattack that occurred between 2018 and 2021.
...

Client Alert | 6 min read | 07.28.23

Five Key Takeaways from the SEC’s Final Cybersecurity Rules for Public Companies

On July 26, 2023, the SEC finalized long-awaited disclosure rules (the “Final Rules”) regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.  While the end results are substantially similar to rules proposed by the SEC in March 2022, there are some key distinctions. 
...

Press Coverage 1 result

Publications 1 result

Webinars 4 results

Webinar | June 6, 2023

Software Supply Chain Security Requirements: Are You Ready?

The Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements for federal agencies, and in turn, for government contractors providing software to the government.

Join our Crowell & Moring practitioners as they discuss deadlines approaching this summer and the applicability of OMB’s self-attestation requirements. Crowell will also provide practical insights in implementing the new software security standard, NIST SP 800-218, Secure Software Development Framework, and about completing the Cybersecurity Infrastructure Security Agency’s (CISA) draft Self-Attestation Form. 

Webinar | 04.21.22, 7:00 AM EDT - 8:00 AM EDT

Ukraine Crisis Webinar

Please join us for a discussion to explore key issues in the business community as the war in Ukraine continues to reverberate through the global supply chain.
...

Webinar | 12.17.21, 7:00 AM EST - 8:00 AM EST

The Log4j Vulnerability: What You Need to Know to Protect Your Business

Please join us for a panel on the Log4j Vulnerability and what you need to know to protect your business.
...

Speaking Engagements 6 results

Blog Posts 2 results

Blog Post | 02.22.23

Cryptocurrency Account Security

Crowell & Moring’s Crypto Digest