2024 Expectations From the SEC on AI, Cybersecurity and ESG
A wide range of topics are covered in the Securities and Exchange Commission’s (“SEC”) 2024 Examination Priorities,1 published late last year. Taking into consideration this year’s priorities, recent rules and a rapidly changing regulatory landscape, our experts discuss what to expect in the following three areas: artificial intelligence (“AI”), cybersecurity and environmental, social and governance (“ESG”).
The SEC notes that “cybersecurity remains a perennial focus area for all registrants.”4 Recent rules requiring a 72-hour disclosure window following a materiality designation and annual disclosures5 of risk mitigation and board governance strategies bring organizational responses and preparedness efforts into the spotlight. The SEC’s enforcement actions6 against Solar Winds and the company’s chief information security officer (“CISO”) indicate that less-than-forthcoming communications disclosure strategies could expose organizations to accusations of securities fraud — particularly with respect to misrepresenting or mischaracterizing the severity of a cybersecurity incident or their level of information security and preparedness.
What It Means
Organizations will likely remain hesitant to publicize at an early stage whether an incident has a significant impact on current or future revenues and it may take time for them to factor in reputation risk and loss of customer or investor trust into their determinations. It is possible that the SEC will continue to interpret poorly considered or excessively risk-averse communications strategies as misrepresentations, meaning that organizations must have effective strategies in place ahead of an incident.
Organizations should waste no time in considering how they will respond to an incident and how holistic strategies should flow from their decisions around filing, as publicly reporting an ongoing incident may significantly alter crisis communications considerations. They should consider how their risk mitigation and governance strategies will be viewed by the public and the media and have plans in place to mitigate negative scrutiny.
Related Expertise
The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
©2024 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com
