According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 meeting will include consideration of adopting rules to enhance disclosures regarding cybersecurity risk management, governance, and incidents by publicly traded companies. 

The SEC initially proposed these rules in March 2022.  If adopted as proposed, the new rules would require publicly traded companies to publicly disclose a cybersecurity incident within four business days of determining that the incident is material, and to provide disclosure in periodic reports about certain cybersecurity governance practices.  The proposed rule has been subject to two comment periods; after the original comment period ended in May 2022, the SEC re-opened the comment period between October-November 2022. The SEC is considering additional rules that implicate cybersecurity considerations and are in various phases of comment and revision for investment advisors, broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents.

Tags: Cybersecurity, Financial Institutions
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Micaela McMurrough Micaela McMurrough

Micaela McMurrough serves as co-chair of Covington’s global and multi-disciplinary Technology Group, as co-chair of the Artificial Intelligence and Internet of Things (IoT) initiative. In her practice, she has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other…

Micaela McMurrough serves as co-chair of Covington’s global and multi-disciplinary Technology Group, as co-chair of the Artificial Intelligence and Internet of Things (IoT) initiative. In her practice, she has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and she regularly represents and advises domestic and international clients on cybersecurity and data privacy issues, including cybersecurity investigations and cyber incident response. Micaela has advised clients on data breaches and other network intrusions, conducted cybersecurity investigations, and advised clients regarding evolving cybersecurity regulations and cybersecurity norms in the context of international law.

In 2016, Micaela was selected as one of thirteen Madison Policy Forum Military-Business Cybersecurity Fellows. She regularly engages with government, military, and business leaders in the cybersecurity industry in an effort to develop national strategies for complex cyber issues and policy challenges. Micaela previously served as a United States Presidential Leadership Scholar, principally responsible for launching a program to familiarize federal judges with various aspects of the U.S. national security structure and national intelligence community.

Prior to her legal career, Micaela served in the Military Intelligence Branch of the United States Army. She served as Intelligence Officer of a 1,200-member maneuver unit conducting combat operations in Afghanistan and was awarded the Bronze Star.

Read more about Micaela McMurroughEmail
Show more Show less
Photo of Ashden Fein Ashden Fein

Ashden Fein is co-chair of Covington’s Data Privacy and Cybersecurity Practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance. Ashden also serves as lead counsel…

Ashden Fein is co-chair of Covington’s Data Privacy and Cybersecurity Practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance. Ashden also serves as lead counsel in criminal, civil, and internal investigations involving cybersecurity, insider risk, and U.S. national security issues.

Ashden regularly counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Ashden frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, extortion and ransomware, and destructive attacks.

Ashden also assists clients from across industries with leading internal investigations and responding to government inquiries related to U.S. national security and insider risks. He frequently represents government contractors in False Claims Act matters involving cybersecurity and national security. Additionally, he advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, FedRAMP, and requirements related to supply chain security.

Before joining Covington, Ashden served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions — to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks. Ashden is a retired U.S. Army officer.

Read more about Ashden FeinEmail
Show more Show less
Photo of David H. Engvall David H. Engvall

David Engvall advises public companies on a wide range of securities, capital markets, corporate governance, and related matters. In the capital markets area, he has handled a range of transactions, including registered and unregistered offerings of common and preferred stock, investment grade and…

David Engvall advises public companies on a wide range of securities, capital markets, corporate governance, and related matters. In the capital markets area, he has handled a range of transactions, including registered and unregistered offerings of common and preferred stock, investment grade and high yield debt securities, convertible securities, and trust units. He advises companies in a number of industries. David’s transactional experience also includes equity and debt tender offers, investments and M&A transactions.

David advises public company clients on a wide variety of disclosure, SEC compliance, transactional, and corporate governance matters. David is actively engaged in advising clients on a wide range of specific securities law topics, including executive compensation, beneficial ownership reporting, environmental, social and governance (“ESG”) reporting, and specialized disclosures such as those pertaining to conflict minerals. In the corporate governance area, he advises clients on topics such as Board committee charters, shareholder activism, management succession planning, and director independence.

Read more about David H. EngvallEmail
Show more Show less
Photo of Caleb Skeath Caleb Skeath

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of…

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of cybersecurity and privacy risk—from governance and preparedness through incident response, regulatory engagement, and follow‑on litigation. A Certified Information Systems Security Professional (CISSP), he is trusted by clients across highly regulated and technology‑driven sectors to provide clear, practical guidance at moments when legal judgment, technical understanding, and business realities must be aligned.

Caleb has deep experience leading and overseeing responses to complex cybersecurity incidents, including ransomware, data theft and extortion, business email compromise, advanced persistent threats and state-sponsored threat actors, insider threats, and inadvertent data loss. He regularly helps in‑house counsel structure and manage investigations under attorney‑client privilege; coordinate with internal IT, information security, and executive stakeholders; and engage with forensic firms, crisis communications providers, insurers, and law enforcement. A central focus of his practice is advising on notification obligations and strategy, including the application of U.S. federal and state data breach notification laws and requirements along with contractual notification obligations, and helping companies make defensible, risk‑informed decisions about timing, scope, and messaging.

In addition to his work responding to cybersecurity incidents, Caleb works closely with clients’ legal, technical, and compliance teams on cybersecurity governance, regulatory compliance, and pre‑incident planning. He has extensive experience drafting and reviewing cybersecurity policies, incident response plans, and vendor contract provisions; supervising cybersecurity assessments under privilege; and advising on training and tabletop exercises designed to prepare organizations for real‑world incidents. His work frequently involves translating evolving regulatory expectations into actionable guidance for in‑house counsel, including in highly-regulated sectors such as the financial sector (including compliance with NYDFS cybersecurity regulations, the Computer Security Incident Notification Rule, and GLBA guidelines and guidance) and the pharmaceutical and healthcare sector (including compliance with GxP standards, FDA medical device guidance, and HIPAA).

Caleb’s practice also addresses evolving and emerging areas of cybersecurity and data security law, including advising clients on compliance with the Department of Justice’s Data Security Program, CISA‑related security requirements for restricted transactions, and preparation for new regulatory regimes such as the CCPA cybersecurity audit requirements and federal incident reporting obligations. He regularly counsels clients on how artificial intelligence and connected devices intersect with cybersecurity, privacy, and consumer protection risk, and how to support innovation while managing regulatory exposure.

Caleb also has extensive experience helping clients navigate high-stakes cybersecurity-related inquiries from the Federal Trade Commission, state Attorneys General, and other sector-specific regulators, including incident-specific inquiries as well as broader inquiries related to an entity’s cybersecurity practices and the security of product or service offerings. For companies that have entered into cybersecurity-related settlement agreements with regulators, Caleb has helped guide them through compliance with settlement agreement obligations, including navigating required third-party assessments and strategically responding to cybersecurity incidents that can arise while a company is subject to a settlement agreement. Caleb also routinely works hand-in-hand with colleagues in Covington’s class action litigation, commercial litigation, and insurance recovery practices to prepare for and successfully navigate incident-related disputes that can devolve into litigation.

Read more about Caleb SkeathEmail
Show more Show less
Photo of Kerry Burke Kerry Burke

Strategic Counsel for Capital Markets, Corporate Governance, and Securities Advisory

Kerry Shannon Burke delivers board-level guidance and transaction execution that drives business results for public and private companies. With more than 25 years of experience advising on capital markets transactions, corporate governance and…

Strategic Counsel for Capital Markets, Corporate Governance, and Securities Advisory

Kerry Shannon Burke delivers board-level guidance and transaction execution that drives business results for public and private companies. With more than 25 years of experience advising on capital markets transactions, corporate governance and public company reporting and compliance matters, Kerry is trusted by boards and the C-suite to translate legal complexity into business clarity, anticipate regulatory risk, and deliver measurable outcomes that support strategic growth and governance priorities.

Capital Markets and Financing Expertise

Kerry structures and closes high-value transactions—including IPOs, private placements, debt and equity financings and acquisition financing—for issuers ranging from emerging growth companies to Fortune 500 enterprises, as well as underwriters and institutional investors. Her approach emphasizes speed, precision and risk mitigation to protect enterprise value.

Corporate Governance Leadership

Boards and senior management rely on Kerry for actionable guidance on SEC and ESG reporting, governance strategy, cybersecurity disclosure, succession planning and compliance program design. She also assists private companies with IPO readiness, advising on board independence, internal controls and disclosure frameworks that withstand regulatory scrutiny.
Specialized Investment Advisers Act Counsel

Kerry also is an authority on the Investment Advisers Act, advising private equity, hedge and venture capital funds and financial institutions on status determinations and ongoing compliance, ensuring alignment with evolving regulatory standards.

Read more about Kerry BurkeEmail
Show more Show less
Photo of Shayan Karbassi Shayan Karbassi

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations…

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations, government and internal investigations of False Claims Act (FCA) issues and insider threats, and compliance with new and evolving federal and state cybersecurity regulations. Shayan also advises U.S. government contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), Federal Risk and Authorization Management Program (FedRAMP), and other U.S. government cybersecurity regulations.

More broadly, Shayan helps clients navigate potential civil and criminal legal risks stemming from operations in certain high-risk jurisdictions. This includes advising clients on U.S. criminal and civil antiterrorism laws, conducting internal investigations of terrorism-financing and related issues, and litigating Anti-Terrorism Act (ATA) claims.

Shayan maintains an active pro bono litigation practice with a focus on human rights, freedom of information, and free media issues.

Before joining Covington, Shayan served as a member of the U.S. intelligence community, where he routinely provided strategic analysis to the President and other senior U.S. policymakers.

Read more about Shayan KarbassiEmail
Show more Show less