On October 22, 2024, the Securities and Exchange Commission (SEC) announced it had charged four current and former public companies — Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited — with making materially misleading disclosures about cybersecurity risks and intrusions. The civil penalties ranged from $990,000 to $4 million, with Unisys fined the most.
Sanjay Wadhwa, acting director of the SEC’s Division of Enforcement, said in a press release statement, “…while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered.”
Kurt Sanger, counsel at Buchanan Ingersoll and Rooney’s Cybersecurity & Data Privacy practice, says his law firm expects state and foreign governments to continue being assertive regarding companies’ claims about their cybersecurity, artificial intelligence, and other developing technologies.
“New technologies generally have three characteristics that make them difficult to communicate about: They are complex and poorly understood, they offer great promise, and they pose unknown and potentially significant risks,” says Sanger in an email interview. “Some may believe the inherent complexities and lack of understanding give them cover to omit certain facts. Some may believe so strongly in their technologies that they describe them based on aspirations rather than reality and probability. When organizations make questionable statements based on the information available to them at the time, they leave themselves open to government, customer, and shareholder scrutiny.”
Is This the Tip of the Iceberg?
Mike Piazza, partner at CM Law and former regional trial counsel for the SEC, says the dissent by Commissioners Hester Peirce and Mark Udeya is worth noting because they disagree about what is “material.”
“The SEC is supposed to adhere to a materiality standard, and yet it’s hard to discern what the guiding principles are in determining what’s material to disclose from those four decisions,” says Piazza in an email interview. “As a result of the election, control of the Commission will change. Thus, the guidance from the dissenting Commissioners about how to determine materiality for the purposes of disclosure in these circumstances likely will become the guiding principles upon which companies should focus going forward.”
To read the entire article, click HERE
CM Law PLLC (cm.law) – formerly Culhane Meadows PLLC – is the largest full-service business law firm in the nation that is both women-owned and managed (WBE). Designed to provide experienced attorneys with an optimal way to practice sophisticated law while maintaining a superior work/life balance, the firm offers fully remote work options, a transparent, merit and math-based compensation structure, and a collaborative culture. Serving a diverse clientele—from individuals and small businesses to over 40 Fortune-ranked companies—CM Law is committed to delivering exceptional legal services across a broad spectrum of industries.
