Risk & Compliance/Legislation

T1-3B. The SEC and You: Understanding “Materiality”

Tuesday, June 11, 2024 8:00 AM - 9:00 AM

Room 3BC

Description
On July 26, 2023, the SEC adopted rules requiring registrants to disclose “material cybersecurity incidents” and to disclose every year “material information regarding their cybersecurity risk management, strategy, and governance.” This session will answer questions for infosec professionals, legal teams, CISOs, and the board dealing with the concept of materiality and these disclosures. In a storytelling format, I will explain the concept of “materiality” by examining: - TSC Industries, Inc. v. Northway, Inc., - Basic, Inc. v. Levinson, - Matrixx Initiatives, Inc. v. Siracusano, - Securities Act Rule 405, and - Exchange Act Rule 12b-2. Then, we will look at some hypothetical examples (based on real-life companies) to ask (1) whether the incident or information is material, (2) what should be disclosed, and (3) when.
Learner Objectives
After completion, attendees will - Have a greater understanding of “materialty”. - Understand some of the questions infosec professionals should be asking after an incident is discovered. - Be able to evaluate their organization’s preparation to face the legal issues presented.