TechCrunch and CyberWire Daily podcast shared comments made by Partner and Securities Enforcement Defense Co-Chair Danette Edwards as a panelist at the ShmooCon hacker conference in Washington, DC on the expanding legal risks for companies and their Chief Information Security Officers (CISOs) relating to cybersecurity incidents. Citing the Securities and Exchange Commission's (SEC) rule requiring public disclosure of "material cybersecurity incidents," Danette predicted a surge in initial Form 8-K reports, likely followed by multiple 8-K filings about the same incidents as companies learn more about the events over time. Danette discussed the negative inferences that regulators might be inclined to draw from an incomplete documentary record about a company's control environment and cyber incidents, and indicated that thorough documentation and careful communication are important tools for mitigating legal risks.

"As hacks worsen, SEC turns up the heat on CISOs," TechCrunch, January 17, 2024

"Maximum severity vulnerability needs critical updates," CyberWire Daily, January 17, 2024