Tag: cybersecurity incident

A few interesting items from the CCR proxy disclosure conference

Here are a few interesting snippets regarding shareholder proposals and Item 1.05 Form 8-K from this week’s 2024 Proxy Disclosure & 21st Annual Executive Compensation Conferences from CCR Corp. On the panels, the watchword of the day seemed to be consistency. Given that some topics are increasingly required to be discussed in more than one SEC filing, location or context (e.g., cyber disclosures in the proxy and 10-K), the panelists urged the audience to make sure that the disclosures were consistent with each other and that the discussions of policies, charters and procedures were consistent with the company’s conduct.

SEC charges RR Donnelley with control failures related to cybersecurity incident

In this June Order, SEC Enforcement brought settled charges against R.R. Donnelley & Sons, a “global provider of business communications services and marketing solutions,” for control failures: a failure to maintain adequate disclosure controls and procedures related to cybersecurity incidents and alerts, and a failure to devise and maintain adequate internal accounting controls, specifically “a system of cybersecurity-related internal accounting controls sufficient to provide reasonable assurances that access to RRD’s assets—its information technology systems and networks, which contained sensitive business and client data—was permitted only with management’s authorization.” RRD agreed to pay over $2.1 million to settle the charges. Interestingly, in a Statement, SEC Commissioners Hester Peirce and Mark Uyeda decried the SEC’s use of “Section 13(b)(2)(B)’s internal accounting controls provision as a Swiss Army Statute to compel issuers to adopt policies and procedures the Commission believes prudent,” not to mention its “decision to stretch the law to punish a company that was the victim of a cyberattack.”