On March 9, 2023, the Securities and Exchange Commission (“SEC”) brought an enforcement action against a public company, Blackbaud Inc. (“Blackbaud” or the “Company”), alleging that it had made misleading disclosures about a 2020 ransomware attack.
This is the fourth SEC settled enforcement action concerning disclosures following a cyberattack. This development highlights increased regulatory scrutiny that public companies face related to cyberattacks and serves as a potential prelude to the SEC’s aggressiveness in enforcing its upcoming revised rules on cybersecurity incident disclosures.
Please click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.