Workshop A – A Roadmap to Building a Cyber Program: Dissecting the Patchwork of Federal, State and Industry Requirements, Including NIST and SEC

Jan 28, 2025 9:00 am – 12:30 PM

Michael Court
Deputy General Counsel
Agricultural Bank of China, New York Branch

Amy Mushahwar
Partner
Lowenstein Sandler LLP

Registration opens at 8:30 am

Requirements, Including NIST and SEC Join this interactive session to gain a complete roadmap to the patchwork of federal, state and industry regulations. Under the SEC’s newly adopted cybersecurity risk management rules, public companies are now required to disclose a cyber breach publicly and within four days. This session will unpack the requirements, grey areas, practical implications and key missteps to avoid:

Part One: Federal Regulations

  • Setting the highest standard to satisfy government regulations and protect your organization
  • Implementing regulations and operationalizing them through policies and procedures
  • Clarifying key requirements, including deadlines
  • Satisfying SEC’s expectations for incident reporting within four days, and specifically the expectation for a Form 8-K and Form 10-K filing
  • Updating initial reports, and what is expected in follow-up reports
  • Defining a “material” cybersecurity incident as reaching a threshold reasonable investors consider important to their decision-making
  • Assessing the incident’s effects, remediation efforts, cyber insurance impacts, and estimated costs of a breach

Part Two: Complying with State, Federal and Industry Specific Requirements

  • Identifying what is being regulated, where there are similarities, differences and gaps between the regulations
  • Meeting reporting obligations and communicating to the different state regulators
  • Determining the impact of regulations on your business operations