SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations

SEC office

A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission (SEC) over cybersecurity-related control violations.

Chicago-based R.R. Donnelley & Sons Company (RRD) agreed to cease and desist from further violations in reaching the settlement, the SEC announced in a press release Tuesday. RRD failed to “design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions and failed to carefully assess and respond to alerts of unusual activity in a timely manner,” the SEC alleged.

The agency acknowledged the firm’s prompt reporting of a ransomware incident to agency staff before public disclosure, cooperation throughout the investigation, and voluntarily adopting new cybersecurity technology and controls.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.