Last week, a U.S district court dismissed most of the SEC’s claims against SolarWinds, just after the agency had advanced its efforts to regulate cybersecurity by adopting final amendments to Regulation S‑P. The amendments, which are the greatest sea change to date in SEC cyber oversight, mandate a novel incident response and notification regime that demands covered institutions thoroughly reconfigure current policies and procedures. In this guest article, Frankfurt Kurnit partner Richard Borden and associate Andrew Folks examine the Regulation S-P amendments’ key requirements and offer practical compliance steps. See “Key Implications and Practical Cyber Program Lessons From SEC’s R.R. Donnelley Settlement” (Jul. 10, 2024).