What’s New in 2015: Cybersecurity, Financial Reporting and Disclosure Challenges

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday February 18, 2015 at 9:02 am
Editor’s Note: The following publication comes to us from Weil, Gotshal & Manges LLP and is based on a Weil alert; the complete publication, including footnotes, is available here.

As calendar-year reporting companies close the books on fiscal 2014, begin to tackle their annual reports on Form 10-K and think ahead to reporting for the first quarter of 2015, a number of issues warrant particularly close board and management attention. In highlighting these key issues, we include guidance gleaned from the late Fall 2014 programs during which members of the staff of the Securities and Exchange Commission (SEC) and other regulators delivered important messages for companies and their outside auditors to consider. Throughout this post, we offer practical suggestions on “what to do now.”

While there are no major changes in the financial reporting and disclosure rules and standards applicable to the 2014 Form 10-K, companies can expect heightened scrutiny from regulators, and heightened professional skepticism from outside auditors, regarding compliance with existing rules and standards. Companies can also expect shareholders to have heightened expectations of transparency fostered by notable 2014 events such as major corporate cyber-attacks. Looking forward into 2015, companies will need to prepare for a number of significant changes, including a new auditing standard for related party transactions, a new revenue recognition standard and, for the many companies that have deferred its adoption, a new framework for evaluating internal control over financial reporting (ICFR). The role of the audit committee in helping the company meet these challenges is undiminished—and perhaps, in regulators’ eyes, more important than ever.

…continue reading: What’s New in 2015: Cybersecurity, Financial Reporting and Disclosure Challenges

Cybersecurity and Privacy Diligence in a Post-Breach World

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Sunday February 15, 2015 at 9:00 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo and Randi Singer; the complete publication, including footnotes, is available here.

“By the time you hear thunder, it’s too late to build the ark.”
— Unknown

In November 2014—just two weeks after Admiral Michael Rogers, director of the National Security Agency, testified to the House Intelligence Committee that certain nation-state actors had the capability of “infiltrating the networks of industrial-control systems, the electronic brains behind infrastructure like the electrical grid, nuclear power plants, air traffic control and subway systems”—Sony Pictures announced it had experienced a major cyber-attack, one many sources believe was likely perpetrated by or on behalf of a nation-state. This destructive cyber-attack was a game-changer for corporate America because it became clear that hackers are not simply focused on credit card numbers or personal information. Indeed, the attack on Sony was designed to steal the Company’s intellectual property, disseminate personal emails of high-ranking executives, and destroy Sony servers and hard drives, rendering them useless.

…continue reading: Cybersecurity and Privacy Diligence in a Post-Breach World

The Risky Business of Cybersecurity

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Wednesday November 5, 2014 at 9:02 am
Editor’s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing in the areas of mergers and acquisitions and complex securities transactions. The following post is based on an article by Mr. Katz and Laura A. McIntosh that first appeared in the New York Law Journal; the full article, including footnotes, is available here.

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

—National Institute for Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0

In today’s technology-driven environment, public companies must constantly confront the challenge of cybersecurity, in its complex, varied, and ever-adapting forms. Cybersecurity breaches regularly fill the headlines, the costs of cybercrime are skyrocketing, and the repercussions of corporate cyber-attacks are felt all the way from chief executives to retail customers. President Barack Obama has stated that “the private sector and the government can, and should, work together to meet this shared challenge,” while FBI Director Robert S. Mueller has described “the critical role the private sector must play in cyber security.” As companies become increasingly dependent on networked technology, and as an expanding number of people conduct transactions and other activities online, cybersecurity will continue to grow in importance for the business community, for the global economy, and for society at large.

…continue reading: The Risky Business of Cybersecurity

Understanding and Implementing the NIST Cybersecurity Framework

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 25, 2014 at 9:03 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Tom Conkle.

Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” [1] Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” [2] The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

…continue reading: Understanding and Implementing the NIST Cybersecurity Framework

White House Releases NIST Cybersecurity Framework

Posted by Holly J. Gregory, Sidley Austin LLP, on Sunday February 23, 2014 at 9:00 am
Editor’s Note: Holly J. Gregory is a partner and co-global coordinator of the Corporate Governance and Executive Compensation group at Sidley Austin LLP. This post is based on a Sidley update by Alan Raul and Ed McNicholas.

On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.

…continue reading: White House Releases NIST Cybersecurity Framework

Cybersecurity Risks and the Board of Directors

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
Editor’s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing in the areas of mergers and acquisitions and complex securities transactions. This post is based on an article by Mr. Katz and Laura A. McIntosh that first appeared in the New York Law Journal; the full article, including footnotes, is available here.

As boards of directors examine the risks that their companies face, corporate cybersecurity issues loom large. Forty-eight percent of directors (and 55 percent of general counsel) cited data security as their top concern in a recent study by Corporate Board Member/FTI Consulting. These numbers have roughly doubled since 2008, when only a quarter of directors and general counsel cited data security as a major concern. With revenues, intellectual property, business relationships and customer confidence potentially at stake, directors should consider whether their companies and management teams are adequately addressing the growing threat of cybersecurity in the new high-tech landscape.

Cybersecurity risk is a difficult and intimidating topic for corporate boards to consider. However, it is important to keep in mind that cybersecurity risk is only one of many areas of risk that are overseen by boards of directors and that, in most cases, the usual strategies and procedures for evaluating and managing risk can apply. Directors are not expected to be experts in this area and are entitled to rely upon management and outside experts for information and advice. Nonetheless, directors should request that management reports to the board on the steps the company is taking to mitigate cyber threats, and directors should consider whether the company is appropriately assessing its risks and devoting adequate resources to the issue. The business judgment rule remains the standard for evaluating decisions taken by a board in this area.

…continue reading: Cybersecurity Risks and the Board of Directors

Private Equity Fund Managers: Annual Compliance Reminders and New Developments

Editor’s Note: The following post comes to us from David J. Greene, partner focusing on investment fund formation, structuring, and related transactions at Latham & Watkins LLP, and is based on a Latham client alert by Mr. Greene, Amy Rigdon, Barton Clark, and Nabil Sabki.

US federal laws and regulations, as well as the rules of self-regulatory organizations, impose numerous yearly reporting and compliance obligations on private equity firms. While these obligations include many routine and ongoing obligations, new and emerging regulatory developments also impact private equity firms’ compliance operations. This post provides a round-up of certain annual or periodic investment advisory compliance-related requirements that apply to many private equity firms. In addition, this post highlights material regulatory developments in 2014 as well as a number of expectations regarding areas of regulatory focus for 2015.

…continue reading: Private Equity Fund Managers: Annual Compliance Reminders and New Developments

Chairman’s Address at SEC Speaks 2015

Posted by Mary Jo White, Chair, U.S. Securities and Exchange Commission, on Wednesday February 25, 2015 at 9:04 am
Editor’s Note: Mary Jo White is Chair of the U.S. Securities and Exchange Commission. This post is based on Chair White’s recent address at the Practising Law Institute’s SEC Speaks in 2015 Conference; the full text, including footnotes, is available here. The views expressed in this post are those of Chair White and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

By every meaningful measure, 2014 was a year of significant accomplishment across all of the agency’s areas of responsibility. The year was highlighted by the completion of several transformative rulemakings, including new policy reforms to address faults exposed during the financial crisis and initiatives to better address vulnerabilities in the resiliency and integrity of our markets. It was also an unprecedented year in enforcement, in terms of the number of cases and, more importantly, their subject matter. We made important strides in our review and action plans for optimizing the structure of our equity and fixed income markets, enhancing our risk supervision of the asset management industry and bolstering the effectiveness of public company disclosure. We also significantly strengthened our examination coverage of market participants. But, as always, we have more to do and expect a very busy 2015.

…continue reading: Chairman’s Address at SEC Speaks 2015

Key Considerations for Board and Audit Committee Members

Posted by Mary Ann Cloyd, PricewaterhouseCoopers LLP, on Tuesday February 17, 2015 at 9:05 am
Editor’s Note: Mary Ann Cloyd is leader of the Center for Board Governance at PricewaterhouseCoopers LLP. This post is based on PwC’s 2014-2015 Key considerations for board and audit committee members report.

The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.

PwC’s 2014-2015 edition of Key considerations for board and audit committee members, an annual publication from PwC’s Center for Board Governance, can help enhance the quality of board and management discussions in the coming year.

Here are some highlights:

…continue reading: Key Considerations for Board and Audit Committee Members

Changing the Cyber Security Playing Field in 2015

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Tuesday January 20, 2015 at 8:36 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo; the complete publication, including footnotes, is available here.

“If this incident [Sony] isn’t a giant wake-up call for U.S. corporations to get serious about cybersecurity, I don’t know what is. I’ve done more than two dozen speaking engagements around the world this year, and one point I always try to drive home is that far too few organizations recognize how much they have riding on their technology and IT operations until it is too late. The message is that if the security breaks down, the technology stops working—and if that happens the business can quickly grind to a halt. But you would be hard-pressed to witness signs that most organizations have heard and internalized that message, based on their investments in cybersecurity relative to their overall reliance on it.”

— Author Brian Krebs, Dec. 20, 2014.

“For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.”

— Professor Bruce Schneier, Dec. 19, 2014.

Without a doubt, the last month in the world of cyber security has been tumultuous. It has now been confirmed that two companies in the United States have potentially been the subject of cyber-terrorism. Servers have been taken down or wiped out. Businesses have been significantly disrupted. Personally identifiable employee information has been shoveled by the pound onto Internet credit card “market” sites. The cyber security world has changed. And two of the most respected men in cyber security have both iterated similar messages: it is time for U.S. corporations to take this stuff seriously.

…continue reading: Changing the Cyber Security Playing Field in 2015
