October 2023 Midwest Cyber Security Alliance Meeting | Understanding the Impact of the SEC Cybersecurity Rules

While the U.S. Securities and Exchange Commission’s (SEC) Cybersecurity Disclosure Rules may appear daunting, compliance is achievable. While the focus of the new Rules is on public companies, the impacts will be felt by nonpublic companies as well.

Join us on Wednesday, October 11, 2023 — in-person or live-streaming — at the next Midwest Cyber Security Alliance (MCSA) meeting, where sponsors HALOCK Security Labs and Foley & Lardner LLP will give you the combined legal and cyber risk management perspective. Know the dates of compliance. Understand the disclosure obligations. Identify steps to take and existing documents to leverage.

Learn More

Companies should think about this new rulemaking as being akin to Sarbanes-Oxley in that they will need to implement measurable cybersecurity risk management practices and controls from bottom-to-top-and-back to support new disclosure requirements. As a result, the risk of not meeting certain cybersecurity standards may come from the street, as well as regulators. The rules require that companies disclose their cybersecurity practices and incidents, not that they meet a specific standard of care, such as NIST 800-53 or CIS Controls.

At a high level, the new rules require the following:

1. Disclosure in annual reports about your processes to assess, identify, and manage cybersecurity threats.
2. New Form 8-K disclosure around material cybersecurity incidents.
3. Disclosure of how your board of directors and executives identify and manage cybersecurity risks.
4. Consideration of cybersecurity threats in terms of materiality — qualitative and quantitative — both to the organization and to others who might be harmed.

We look forward to a lively discussion of this rule and seeing how MCSA members are approaching efforts to comply.

Two Ways to Join

In addition to welcoming local attendees to the scenic 40th floor of our Milwaukee office, we are pleased to continue offering a virtual option for those not able to attend in person.

To register, click here and select in-person or virtual attendance. There is no fee to attend this event, but advance registration is required.

CLE

Applications for accreditation will be submitted to CO, FL, NY, and WI (50-minute hour); and CA, IL, TX, UT, and VA (60-minute hour) for up to 1.50 credit hours. Uniform Certificates of Attendance will be provided to attendees seeking credit in other jurisdictions.

Foley & Lardner LLP is an approved MCLE provider in California, Colorado, Illinois, New York, Texas, and Utah.

For purposes of New York CLE credit, this program is appropriate for experience attorneys only. Certificates of attendance will be distributed to eligible participants approximately eight weeks after the program via email. For questions regarding CLE, please email [email protected].

In-person attendee instructions:

To be eligible for CLE credit, fully complete and sign the CLE Attendance Form provided on-site and return it to the registration table before you leave the program. Be sure to indicate your sign-in and sign-out times on this form as well, regardless of whether you arrive late, leave early, or attend the full duration of the program.

Important Information for New York / New Jersey Attorneys: Per recent New York State Bar requirements, when you return your completed CLE Attendance Form to the registration table upon leaving the program, you must also have Foley staff review and initial your form to verify your attendance.

Remote attendee instructions:
To be eligible for CLE credit, you will need to be logged into the Microsoft Teams meeting for the full duration of the live event; credit may not be obtained by viewing and/or listening to a program recording after the event. Your first and last names must also be entered upon joining the meeting and displayed throughout the program. Additionally, you will need to complete and return the Attorney Affirmation Form that will be made available.

CPE

This program may be eligible for continuing privacy education (CPE) credit toward CISA, CISM, CGEIT, and/or CRISC certifications and maintenance. Please visit the ISACA website to review the specific CPE requirements for your certification and verify whether the topic(s) addressed in this program align with one or more of your certification’s job practice areas: CISA, CISM, CGEIT, and CRISC. If determined to be eligible, an ISACA Verification of Attendance form will be made available for self-reporting purposes.