Tag: Corp Fin Director Erik Gerding

Securities

Corp Fin Director issues statement regarding sharing information about cybersecurity incidents

Yesterday, Corp Fin Director Erik Gerding issued a new statement, Selective Disclosure of Information Regarding Cybersecurity Incidents. As you know, last year the SEC adopted new rules regarding cybersecurity disclosure, including requirements for both material incident reporting on Item 1.05 of Form 8-K and periodic disclosure of material information regarding cybersecurity risk management, strategy and governance.  (See this PubCo post.) Gerding’s new statement is designed to disabuse companies of the idea that the new rules preclude them from discussing information about a material cybersecurity incident with others, including their commercial counterparties, beyond the information included in the Form 8-K.   Gerding assures us that “[t]hat is not the case.” But while the new rules may not prohibit disclosure, what about Reg FD?

/ June 21, 2024
Corporate GovernanceSecurities

Corp Fin adds one more new CDI on Form 8-Ks for material cybersecurity incidents

A few days ago, Corp Fin issued three new CDIs relating to delays in reporting material cybersecurity incidents on Form 8-K. Those CDIs, together with the Department of Justice Material Cybersecurity Incident Delay Determinations, addressed questions related to the Attorney General’s determination—or not—that disclosure of the incident on Form 8-K would pose a substantial risk to national security or public safety. (See this PubCo post.) Yesterday afternoon, Corp Fin added a new CDI on a closely related topic—the impact of a DOJ consultation on a determination, for reporting purposes, about the materiality of the incident itself. As Corp Fin Director Erik Gerding observed in a speech yesterday on cybersecurity disclosure, the CDI was intended to ensure that companies are not deterred from consulting with the DOJ or other national security agencies. The new CDI can be found under the caption Exchange Act Forms, in Section 104B, Item 1.05 Material Cybersecurity Incidents.  A summary is below, but the CDI number is linked to the CDI on the SEC website, so you can easily read the version in full. 

/ December 15, 2023