Public Company Innovation Hub

The server-related outages caused by CrowdStrike’s defective software update on July 19, 2024, will have implications for public companies, particularly in light of the SEC’s new cybersecurity disclosure rules. In this alert, we cover various responses that a public company should consider, from ensuring compliance with applicable policies to performing risk assessments and gap analyses to evaluating implications for their internal controls and disclosure controls and procedures.

On June 18, 2024, the Securities and Exchange Commission (SEC) announced that it had settled claims against RR Donnelley (RRD) related to a 2021 ransomware and cyber extortion attack. The action against RRD reflects the SEC’s continued expansive use of the internal accounting controls provision of Exchange Act Section 13(b)(2)(B) – now in the context of cybersecurity incidents – and has implications for security professionals and legal counsel concerning incident detection and escalation procedures, along with the steps necessary for the investigation and remediation of cybersecurity incidents (in this case, a ransomware attack). Read our summary of the RRD matter and next steps and action items.

Cooley Rx is a virtual series focused on the life sciences and healthcare sectors. Join Cooley’s life sciences and ESG teams – including lawyers Beth Sasfai, Michael Mencher, Div Gupta and Megan Taing – as they discuss how and when environmental, social and governance (ESG) issues become relevant to growth-stage companies, unique concerns for life sciences ESG strategy, recent trends in life sciences ESG activity and more.

Learn more about the Securities and Exchange Commission Division of Corporation Finance's new guidance on disclosure of cybersecurity incidents, the SEC chair's statement on the pending crypto bill in Congress, the Fifth Circuit vacating SEC private fund adviser rules, a WTW memo on trends gleaned from two years of pay-versus-performance disclosure, Bloomberg Law's analysis of Nasdaq diversity data, a report showing that good ESG profiles may fetch a premium in the market, and special advice from Cooley's Beth Sasfai on how boards should oversee company climate reporting readiness in the current state of uncertainty and volatility.

Cooley’s AI Talks series highlights multidisciplinary perspectives on artificial intelligence and showcases the firm’s subject matter knowledge on the intricacies – and complexities – of large language models, machine learning and AI technology. This session covered considerations for public companies related to artificial intelligence, discussing key business implications and risks of AI, AI-related compliance considerations, anticipated areas of regulator focus and steps companies can take to address AI.

On April 12, 2024, the US Supreme Court reversed the US Court of Appeals for the Second Circuit’s decision in Macquarie v. Moab Partners and held that a pure omission cannot form the basis of a securities fraud claim under Rule 10b-5(b).

On March 6, 2024, the Securities and Exchange Commission (SEC) is expected to adopt long-awaited rules on climate-related disclosures. Join us on Tuesday, March 12, for an insightful webinar as our ESG & sustainability team examines the core provisions of the climate rules, analyze potential challenges in their interpretation and application, and highlight risks that reporting companies may encounter.