SEC as Cyber Cop

The current leadership at the SEC has made clear that cybersecurity is a top enforcement priority and the agency continues to pursue public companies and regulated entities that it deems to have inadequate cybersecurity policies and disclosures.  In addition to pursuing an aggressive enforcement agenda based on existing requirements, the SEC has simultaneously proposed a new regulatory framework to govern disclosure of cyber incidents and create new corporate governance requirements in relation to cybersecurity.  Our panel will provide an overview of the SEC’s requirements (both existing and forthcoming) and share insights into what might be driving the SEC’s unprecedented efforts to police the cybersecurity of public companies and regulated entities.

Our speakers will discuss:

• An overview of the cyber climate as context for the SEC’s aggressive posture (5 minutes)
• The SEC’s evolving enforcement priorities in relation to cybersecurity (10 minutes)
• Provisions of the securities laws that afford the SEC a broad basis to pursue cyber-related misconduct (10 minutes)
• The SEC’s forthcoming rulemaking and how companies can prepare for the new regime (10 minutes)
• An analysis of the SEC’s cyber enforcement actions to date, with a focus on lessons learned (10 minutes)
• Risk mitigation measures in light of proposed rulemaking and a projected uptick in enforcement (15 minutes)

Faculty:

Brian E. Finch

Pillsbury Winthrop Shaw Pittman LLP

David Oliwenstein

Pillsbury Winthrop Shaw Pittman LLP