In a New York Law Journal article, data, privacy & cybersecurity partner Ed McNicholas examined how the SEC’s punitive approach to cybersecurity risk in its proposed regulations may be harmful to advancing cybersecurity at public companies and regulated entities.
“The SEC certainly has a role to play in cybersecurity, and the agency should be lauded for its focus on corporate governance,” said the authors. Nevertheless, “instead of taking a punitive approach to regulating entities victimized by a cyberattack, the SEC should instead strive to cooperate with firms managing such crises, providing, for example, safe harbors for entities that comply with approved security standards. This would effectively enhance cybersecurity, encourage the implementation of sound cyber hygiene rules, and cut down on frivolous enforcement actions so the SEC can focus on matters involving real misconduct.”
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.