43 The Securities and Exchange Commission (the “SEC”) recently announced the creation of a Cyber and Emerging Technologies Unit (“CETU”) that will focus on fraudulent conduct in cybersecurity, digital assets, and emerging technologies such as artificial intelligence. For reporting issuers, the announcement indicates that the new unit will focus on combatting fraud and other “cyber-related misconduct,” including “public issuer fraudulent disclosure relating to cybersecurity.” The unit’s announced focus on “fraudulent” cybersecurity disclosures marks a potential shift from the SEC’s recent enforcement approach, which we will discuss below. SEC’s Cybersecurity Enforcement since 2023 On July 25, 2023, the SEC adopted new rules for reporting companies regarding cybersecurity risk management. The SEC enforced accurate disclosure of risks. In October 2024, the SEC charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also charged Unisys with disclosure controls and procedures violations. Cybersecurity Risk Management Enforcement – Pendulum Swings Guy Ben-Ami Partner
RkJQdWJsaXNoZXIy MjgzNzA=