Kate Hanniford on the SEC’s New Cyber Disclosure Rule
The Lawfare Podcast
The Lawfare Institute
4.7 • 6.4K Ratings
🗓️ 7 September 2023
⏱️ 39 minutes
🧾️ Download transcript
Summary
On July 26, the Securities and Exchange Commission adopted a final rule with new compliance and disclosure obligations surrounding material cybersecurity incidents. Lawfare Senior Editor Stephanie Pell sat down with Kate Hanniford, partner at Alston & Bird, to talk about the requirements and challenges this new rule presents. They talked about some of the problems and concerns that caused the SEC to engage in a rule-making process, when an incident rises to the level of a material cybersecurity incident, and whether the new rule is consistent with the National Cybersecurity Strategy’s goal of harmonizing disclosure and reporting requirements for companies.
Support this show http://supporter.acast.com/lawfare.
Hosted on Acast. See acast.com/privacy for more information.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | The following podcast contains advertising to access an ad-free version of the LawFair |
| 0:07.2 | podcast become a material supporter of LawFair at patreon.com slash LawFair, that's patreon.com slash |
| 0:16.9 | LawFair. Also check out LawFair's other podcast offerings, rational security, chatter, LawFair |
| 0:25.6 | no bull and the aftermath. Whether you're driving to work, cycling to a friend's place or on |
| 0:35.5 | the way to your next holiday, Amazon Music has your news fix covered. As an Amazon Prime |
| 0:40.9 | member, you have access to ad-free top podcasts. To start listening, download the Amazon Music |
| 0:46.6 | app or visit amazon.co.uk slash on the go news. That's amazon.co.uk slash on the go news |
| 0:54.1 | and listen to your favorite podcasts on the go. |
| 0:57.5 | There's a real challenge there as a practical matter for a company that's experienced |
| 1:08.2 | as cybersecurity incident of any magnitude to try to figure out whether they have tripped |
| 1:14.6 | the materiality threshold or even if they're in the materiality zone because it's such |
| 1:19.5 | that the facts as they evolve in the middle of a cybersecurity incident, there can be a lot |
| 1:25.6 | of fog and it can be really messy and it's not at all uncommon to have an incident that |
| 1:30.3 | initially looks very severe and very damaging but after 24 hours, another 48 hour cycle, another |
| 1:37.2 | 72 hour cycle, as the investigation progresses and as you develop your forensic record, you learn |
| 1:43.6 | that in fact the scope is more limited than initially feared or that it's not as serious |
| 1:50.0 | of an incident as it initially appeared to be. There are also incidents that go the other way. |
| 1:55.5 | I'm Stephanie Pell, Senior Editor at Law Fair and this is the Law Fair Podcast September 7th, |
| 2:01.1 | 2023. On July 26th, the Securities and Exchange Commission adopted a final rule with new compliance |
| 2:09.1 | and disclosure obligations surrounding material cybersecurity incidents. I sat down with Kate |
| 2:15.9 | Hanifert, partner at Austin & Bird to talk about the requirements and challenges this new rule |
| 2:22.4 | presents. We talked about some of the problems and concerns that caused the SEC to engage in a |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from The Lawfare Institute, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of The Lawfare Institute and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.