In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. The settlement represents the SEC’s first application of its internal controls enforcement authority to include cybersecurity policies and procedures. The SEC’s interpretation applying its internal controls provision to cybersecurity policies and procedures represents a…
By: The Volkov Law Group
By: The Volkov Law Group
