SEC Expands Internal Controls Provision to Cover Cybersecurity Incidents and Reaches $2.1 Million Settlement with R.R. Donnelley & Sons Co.
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. The settlement represents the SEC’s first application of its internal controls enforcement authority to include cybersecurity policies and procedures. In 2021, RRD suffered a cyber attack in which a threat actor...
