New SEC Requirements for Cybersecurity Incident Reporting Skip to main content

Understanding the New SEC Requirements for Cybersecurity Incident Reporting

Overview


Video: Understanding the New SEC Requirements for Cybersecurity Incident Reporting webinar, part of McDermott’s 2024 programming (runtime: 38m)
During this webinar, Partners Stephen Reynolds and Dan Woodard and Associate Charles Darantiere discussed the new US Securities and Exchange Commission (SEC) disclosure requirements for cybersecurity incidents.

Top takeaways from the webinar include:

  • When a public company experiences a cybersecurity incident, response procedures should be implemented promptly, including early communications with law enforcement.
  • Disclosure on Form 8-K are not required until a materiality determination has been made; public companies should make such determination without unreasonable delay, in consultation with external advisors and law enforcement.
  • Materiality determinations should involve careful consideration of both quantitative and qualitative factors, with contemporaneous documentation of such analysis.
  • When providing disclosure on Form 8-K, public companies should avoid specifying metrics or facts that are subject to ongoing change to avoid misleading omissions or the creation of a duty to update.

Stay Connected

Subscribe Follow Us on LinkedIn Get in Touch

Dig Deeper

Washington, DC / Speaking Engagements / May 6-8, 2026

2026 Privacy + Security Forum Spring Academy

Chicago / Speaking Engagements / April 30, 2026

GCSI Annual Conference 2026

Webinar / Webinar / April 29, 2026

Navigating Public Company Take-Private Transactions

San Antonio, TX / Speaking Engagements / April 19-21, 2026

BCBS 2026 Law, Audit, Compliance & Ethics Conference

Podcast / Speaking Engagements / April 2, 2026

President Trump's Cyber Strategy

Speaking Engagements / March 2026

Northern Trust Family Office GC Roundtable

Get In Touch