On June 15, 2021, the SEC announced a settlement with First American Financial Corporation for what the SEC found were inadequate disclosure controls and procedural violations, revealed in connection with a cyber incident last spring.

In a related development, recently the SEC’s Enforcement Division sent information requests to what appears to be a wide range of companies asking about how they responded to a high-profile software vulnerability that came to light in late 2020 involving an information technology company. The information requests in this new Enforcement sweep also ask recipients to provide information about other compromises, including those that were not disclosed at the time.

The authors of the article suggest that, with new Chair Gary Gensler now several months into establishing priorities at the SEC, it is possible that the First American settlement, in combination with the new Enforcement sweep, may signal the SEC Enforcement Division’s increasing scrutiny on cybersecurity disclosure policies and procedures.

Re­view the full text of the article.