Tag: cybersecurity incident disclosure
New Cooley Alert: SEC Reporting Implications for Publicly Traded Companies Impacted by CrowdStrike Defective Software Update
As you know, the recent CrowdStrike defective software update caused massive and, in some cases, systemic failures to computers and networks of CrowdStrike’s customers running certain Microsoft operating systems. If your company was affected by the CrowdStrike server-related outages, you will certainly want to review this new Cooley Alert, SEC Reporting Implications for Publicly Traded Companies Impacted by CrowdStrike Defective Software Update from our Cyber/Data/Privacy and our Public Companies Groups.
Corp Fin issues new CDIs on cybersecurity incident disclosure
Corp Fin has just issued a new set of CDIs under Form 8-K, Item 1.05, Material Cybersecurity Incidents. The SEC adopted final rules regarding cybersecurity disclosure in 2023, requiring companies “to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” Under the final rules, if a public company experiences a cybersecurity incident that the company determines to be material, the company is required to file a Form 8-K under new Item 1.05, describing the “material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.” The materiality determination regarding a cybersecurity incident must be made “without unreasonable delay” after discovery of the incident. To the extent that the required information has not been determined or is unavailable at the time of the required filing, the company is required to include a statement to that effect in the filing and then file an amendment to its Form 8-K containing that information within four business days after the company, without unreasonable delay, determines the information or the information becomes available. (See this PubCo post.) Generally, the new CDIs address Form 8-K Item 1.05 filings in the context of cybersecurity incidents that involve ransomware attacks that result in a disruption in operations or the exfiltration of data. Summaries are below, but each CDI number below is linked to the CDI on the SEC website, so you can easily read the version in full.
You must be logged in to post a comment.