Anjali C. Das

Anjali Das (Partner-Chicago, IL) authored “Cyber Disclosure Is a Mainstay in 2025 SEC Exam Priorities,” which appeared in the January 15, 2025, posting of Law360. Despite a new administration and a new SEC chair incoming, cybersecurity disclosures and risk management practices will remain important due to the growing threat of cyberattacks. Once management or the board determines that an incident is material, it must be reported in Form 8-K, Item 1.05, within four business days. Boilerplate or generic cybersecurity disclosures will not suffice. “Instead,” says Anjali, “companies should include sufficient detail for investors to understand the nature and scope of an incident, including the impact on the company's operations and finances. These cybersecurity disclosures should be updated as needed to reflect any substantive new information and developments.”