SEC Enforcement Increases on Major Public Company Issues

The U.S. Securities and Exchange Commission (SEC) has been busy in recent months, taking action on several important issues affecting public companies. These include cybersecurity incident disclosure, director independence, and Regulation Fair Disclosure (Reg FD) violations. Let’s take a look at what’s been happening.

Cyber Disclosure Enforcement Actions
Just last month, on October 22, 2024, the SEC announced charges against four companies for making misleading disclosures about cybersecurity incidents. These actions stemmed from the investigation of public companies affected by the SolarWinds Orion software compromise. The penalties ranged from $990,000 to $4 million, and the companies were found to have downplayed the severity of the breaches in their public disclosures. One company even described the risk of cybersecurity events as hypothetical, despite knowing they had experienced unauthorized access and data transfers. The SEC stressed the importance of not underestimating the impact of cyber breaches and highlighted the need for accurate and detailed disclosure.

Director Independence
Another noteworthy development came on September 30, 2024, when the SEC settled charges against a public company director for violating proxy disclosure rules. James Craigie, a former CEO and non-independent corporate director, failed to disclose his close personal friendship with a high-ranking executive when standing for election as an independent director. This led to misleading statements in the company’s proxy statements regarding his independence. This case serves as a reminder of the importance of transparency and disclosure when it comes to director independence.

These recent enforcement actions underscore the SEC’s commitment to upholding transparency and accountability in the financial industry. Public companies must ensure they accurately disclose cybersecurity incidents and maintain director independence to avoid potential violations. By staying informed and proactive, companies can prevent regulatory issues and maintain trust with stakeholders.