Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
The FAR Council issued a proposed rule that would amend several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
2/24/2025 / Compliance, Controlled Unclassified Information (CUI), Cybersecurity, Data Privacy, Data Protection, Federal Acquisition Regulations (FAR), Federal Contractors, Government Agencies, NIST, Proposed Rules, Regulatory Requirements, Risk Management, Subcontracts, Supply Chain
As noted, the renewable energy sector faces growing concerns over its vulnerability to cyberattacks. Since then, the situation has not improved; the U.S. electrical grid has grown more vulnerable to cyberattacks, with...more
2/11/2025 / Critical Infrastructure Sectors, Cyber Attacks, Cyber Threats, Cybersecurity, Data Security, Department of Energy (DOE), Energy Sector, National Security, Popular, Renewable Energy, Risk Management, Solar Energy, Supply Chain
In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading...more
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
Key Point: The decision-making processes used to determine whether or not a cybersecurity incident is material should include documenting the factors behind each determination and should be practiced before an incident...more
8/23/2023 / Cyber Incident Reporting, Cybersecurity, Department of Justice (DOJ), Disclosure Requirements, Form 8-K, Information Technology, Policies and Procedures, Publicly-Traded Companies, Reporting Requirements, Risk Management, Securities and Exchange Commission (SEC)
Part I of this blog series discussed the compliance dates and the new definitions in the U.S. Securities and Exchange Commission’s (the “SEC”) final rules (the “adopting release”) for cybersecurity disclosures. In Part II, we...more
Key Point: To avoid inadvertently increasing enforcement and litigation risks, companies should consider these suggestions to minimize headaches with the SEC’s final rules that mandate (a) disclosures in annual report of...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.
On March 11, 2021, Utah governor Spencer Cox signed the...more
3/30/2021 / Cybersecurity, Data Breach, Data Protection, Data Security, DSS, GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), PCI, Personally Identifiable Information, Popular, Risk Management, State and Local Government, State Data Breach Notification Statutes
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
In her...more
3/9/2021 / California Consumer Privacy Act (CCPA), Casualty Insurance, Civil Monetary Penalty, Cyber Crimes, Cyber Insurance, Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Insurance Industry, Insurance Litigation, Law Enforcement, NYDFS, Office of Foreign Assets Control (OFAC), Policy Terms, Property Insurance, Ransomware, Risk Assessment, Risk Management, Third-Party Service Provider
Keypoint: Individuals and businesses should take steps to avoid becoming victims of the rapid rise in Coronavirus-related hacking scams.
On March 20, 2020, the FBI issued an alert warning that cyber thieves are...more
3/24/2020 / Chief Information Security Officer (CISO), Coronavirus/COVID-19, Cyber Attacks, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Protection, FBI, Hackers, Information Security, Phishing Scams, Popular, Risk Management