{"id":7592,"date":"2024-11-21T11:44:15","date_gmt":"2024-11-21T16:44:15","guid":{"rendered":"https:\/\/seci.wpenginepowered.com\/?p=7592"},"modified":"2024-11-21T11:48:42","modified_gmt":"2024-11-21T16:48:42","slug":"enforcement-for-cybersecurity-risk-disclosure-shortfalls","status":"publish","type":"post","link":"https:\/\/seciblog.pli.edu\/index.php\/enforcement-for-cybersecurity-risk-disclosure-shortfalls\/","title":{"rendered":"Enforcement for Cybersecurity Risk Disclosure Shortfalls"},"content":{"rendered":"<p>On October 22, 2024, the SEC <a href=\"https:\/\/www.sec.gov\/newsroom\/press-releases\/2024-174\">announced<\/a> settled enforcement actions against four companies focused on disclosures about cybersecurity risks and actual cybersecurity intrusions.\u00a0 The four companies were <a href=\"https:\/\/www.sec.gov\/files\/litigation\/admin\/2024\/33-11320.pdf\">Avaya Holdings Corp<\/a>., <a href=\"https:\/\/www.sec.gov\/files\/litigation\/admin\/2024\/33-11321.pdf\">Check Point Software Technologies Ltd<\/a>, <a href=\"https:\/\/www.sec.gov\/files\/litigation\/admin\/2024\/33-11322.pdf\">Mimecast Limited<\/a>, and <a href=\"https:\/\/www.sec.gov\/files\/litigation\/admin\/2024\/33-11323.pdf\">Unisys Corp<\/a>.\u00a0 All four of the cases have their roots in the SolarWind\u2019s Orion software cybersecurity hack.<\/p>\n<p>According to the SEC all four of the companies downplayed the impact of cybersecurity events.\u00a0 In the SEC\u2019s Press Release Jorge G. Tenreiro, Acting Chief of the Crypto Assets and Cyber Unit, stated, \u201cIn two of these cases, the relevant cybersecurity risk factors were framed hypothetically or generically when the companies knew the warned of risks had already materialized.\u201d \u00a0This is a recurring issue in cybersecurity cases and SEC comments.\u00a0 In another of the cases the company described a breach as having involved access to a limited number of email messages when in fact the company knew that 145 files, some of which involved sensitive company information, had been breached.\u00a0 The Unisys Corp. case also focused on deficient disclosure controls and procedures.<\/p>\n<p>You can read more details about each case and find links to each Order in the SEC\u2019s <a href=\"https:\/\/www.sec.gov\/newsroom\/press-releases\/2024-174\">Press Release<\/a>.<\/p>\n<p>All the companies entered into cease-and-desist orders and paid fines ranging from $990,000 to $4 million.<\/p>\n<p>As always, your thoughts and comments are welcome!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 22, 2024, the SEC announced settled enforcement actions against four companies focused on disclosures about cybersecurity risks and actual cybersecurity intrusions.\u00a0 The four companies were Avaya Holdings Corp., Check Point Software Technologies Ltd, Mimecast Limited, and Unisys Corp.\u00a0 All four of the cases have their roots in the SolarWind\u2019s Orion software cybersecurity hack. &hellip; <a href=\"https:\/\/seciblog.pli.edu\/index.php\/enforcement-for-cybersecurity-risk-disclosure-shortfalls\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Enforcement for Cybersecurity Risk Disclosure Shortfalls<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[261],"tags":[],"coauthors":[154],"class_list":["post-7592","post","type-post","status-publish","format-standard","hentry","category-enforcement"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/7592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/comments?post=7592"}],"version-history":[{"count":0,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/7592\/revisions"}],"wp:attachment":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/media?parent=7592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/categories?post=7592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/tags?post=7592"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/coauthors?post=7592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}