Cybersecurity & Data Privacy Communications

2024 Expectations From the SEC on AI, Cybersecurity and ESG

A wide range of topics are covered in the Securities and Exchange Commission’s (“SEC”) 2024 Examination Priorities,1 published late last year. Taking into consideration this year’s priorities, recent rules and a rapidly changing regulatory landscape, our experts discuss what to expect in the following three areas: artificial intelligence (“AI”), cybersecurity and environmental, social and governance (“ESG”).

The SEC notes that “cybersecurity remains a perennial focus area for all registrants.”4 Recent rules requiring a 72-hour disclosure window following a materiality designation and annual disclosures5 of risk mitigation and board governance strategies bring organizational responses and preparedness efforts into the spotlight. The SEC’s enforcement actions6 against Solar Winds and the company’s chief information security officer (“CISO”) indicate that less-than-forthcoming communications disclosure strategies could expose organizations to accusations of securities fraud — particularly with respect to misrepresenting or mischaracterizing the severity of a cybersecurity incident or their level of information security and preparedness.

What It Means

Organizations will likely remain hesitant to publicize at an early stage whether an incident has a significant impact on current or future revenues and it may take time for them to factor in reputation risk and loss of customer or investor trust into their determinations. It is possible that the SEC will continue to interpret poorly considered or excessively risk-averse communications strategies as misrepresentations, meaning that organizations must have effective strategies in place ahead of an incident.

Organizations should waste no time in considering how they will respond to an incident and how holistic strategies should flow from their decisions around filing, as publicly reporting an ongoing incident may significantly alter crisis communications considerations. They should consider how their risk mitigation and governance strategies will be viewed by the public and the media and have plans in place to mitigate negative scrutiny.

Related Expertise

The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

©2024 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com

Related Articles

4th Annual Shareholder Activism State of the Market

September 8, 2025—4th Annual Shareholder Activism State of the Market Request Report The 4th Annual Shareholder Activism State of the Mark...

Use It or Lose It: U.S. Hydrogen Industry Must Act To Maintain Momentum

July 12, 2025—Key takeaway: Following the passage of the “One Big Beautiful Bill Act”, time is of the essence for hydrogen produce...

Quick Analysis: ‘One Big Beautiful Bill’ Drives More Gas and Batteries, Less Renewables

July 3, 2025—With the recent passage of the “One Big Beautiful Bill” (“OBBB” or the “Legislation”),[1] FTI Consulting’s...

ESG+ Newsletter – 16 July 2026

July 16, 2026—We open this week’s ESG+ with the SEC’s new guidance requiring activist investors to disclose the identities...

IR Monitor – 15 July 2026

July 15, 2026—In this week’s newsletter: The stories that investor relations professionals need to read this week: Singapore and Hon...

Q2 2026 Health Insurance Payer-Provider Dispute Update

July 14, 2026—Coverage disruptions anticipated at the start of 2026, stemming from the implementation of the One Big Beautiful Bill Ac...