Photo of Bryan Brewer

H. Bryan Brewer, III, is the co-chair of Crowell & Moring's Corporate Group and a partner in the firm's Privacy & Cybersecurity and International Trade groups.

Mr. Brewer is experienced in matters related to mergers and acquisitions, public securities, government contracts, intellectual property licensing and counseling, venture capital, export controls, and general corporate governance issues that affect both for-profit and non-profit companies. Included in this experience is a focus on the intersection of corporate and cybersecurity and privacy as well as counseling with companies focused on digital transformation issues.

As the latest 10-K filing period for corporations draws to a close, the Securities and Exchange Commission (SEC) is expected to intensify its scrutiny on whether companies’ filings adequately disclose both information security breaches that occurred in the past, and the material risks due to cyber threats such companies face in the future. Since the Senate Commerce Committee focused greater attention upon corporate cybersecurity in a letter to the SEC on May 12, 2011, momentum has been building for expanded corporate disclosure of cybersecurity safeguards and security breaches. In October 2011, the SEC issued guidance that publicly traded companies have a duty to disclose “material information regarding cybersecurity risks and cyber incidents” where failure to do so would make other disclosures misleading. Recent developments both inside and outside the SEC show that corporations can expect an even brighter spotlight this year upon their cybersecurity efforts – and shortfalls. Now more than ever, publicly traded companies need to be prepared to address, whether in responses to SEC comment letters or in preparing future filings, what material risks they may have due to cyber threats and whether they have taken steps to address such risks and vulnerabilities.
Continue Reading Putting the SEC Spotlight on Corporate Cyber Risks