NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
Since December 18, 2023 public companies other than smaller reporting companies are required to report a cybersecurity incident under Item 1.05 of Form 8-K within four business days after the company determines the incident...more
On July 26, the SEC adopted amendments to Regulation S-K and Exchange Act forms requiring public companies to disclose on a current basis material cybersecurity incidents and to disclose annually information regarding their...more
On 28 March 2023, the Hogan Lovells New York Retail Team hosted a coffee chat webinar discussing the latest news and developments of 2023 in retail. The event featured Meryl Bernstein (Intellectual Property, Media, and...more
The Biden Administration released its National Cybersecurity Strategy (Strategy) in an effort to reshape U.S. policy and priorities around cybersecurity for the public and private sectors, marking a significant shift in tone...more
On November 9, 2022, the New York Department of Financial Services (NYDFS) published proposed amendments to significantly expand Cybersecurity Requirements for Financial Services Companies under 23 NYCRR 500 (the “NYDFS...more
Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
9/13/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Ransomware ,
Rulemaking Process
Given the deteriorating security situation in Eastern Europe and the potential for widespread cyber disruptions should hostilities break out, we urge clients to re-examine their cybersecurity posture. The U.S. Cybersecurity...more
The decision to pay millions to a cyber criminal has never been easy, but it is now even more complex. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an updated advisory on September 21,...more
As cyber adversary capabilities, opportunities and sophistication continue to grow, cyber incidents pose a very real, costly and potentially devastating threat to organizations around the world. With today's cyber ecosystem,...more
9/9/2021
/ Crisis Management ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Incident Response Plans ,
Popular ,
Ransomware ,
Risk Management ,
Webinars
The U.S. Department of Homeland Security (DHS) announced the issuance of a second security directive (Directive) that requires owners and operators of certain critical pipelines carrying hazardous liquids and natural gas to...more
The U.S. Department of Homeland Security (DHS) issued a security directive (Directive) that, for the first time, imposes mandatory cybersecurity requirements on companies in the pipeline industry. ...more
6/4/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Department of Homeland Security (DHS) ,
Hackers ,
Information Technology ,
National Security ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain ,
Threat Management
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
5/5/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
NYDFS ,
Russia ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
2/25/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
New Guidance ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Ransomware
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
1/13/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
FDIC ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FRB ,
NPRM ,
OCC ,
Popular ,
Regulatory Requirements
Financial Institutions Horizons is a snapshot of key legal topics and market trends across the globe, shaping the future of the financial institutions market.
When we conceived the Horizons series in 2018, the financial...more
12/16/2020
/ Biden Administration ,
China ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Financial Institutions ,
FinTech ,
Infectious Diseases ,
Investigations ,
Libor ,
Sustainable Business Practices ,
UK Brexit
In response to the significant rise in ransomware attacks since the start of the COVID-19 pandemic and just in time for Cybersecurity Awareness Month, the Department of the Treasury’s Financial Crimes Enforcement Network...more
10/6/2020
/ AML/CFT ,
BSA/AML ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Economic Sanctions ,
Financial Institutions ,
Financial Transactions ,
FinCEN ,
Money Services Business ,
National Security ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Privacy Concerns ,
Ransomware ,
Suspicious Activity Reports (SARs)
Following promises of increased enforcement, on July 22, 2020, the New York Department of Financial Services (NYDFS) announced the first cybersecurity enforcement action pursuant to its Cybersecurity Regulation, which...more
Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic....more
The COVID-19, and the various restrictions that have been implemented in response to it, are causing extraordinary business disruptions. Many organizations have had to modify their operational controls and accommodate a shift...more
On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020
/ Business Continuity Plans ,
Business Interruption ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Infectious Diseases ,
Information Security ,
Malware ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
Using a hypothetical case study, revealed in a series of short animations, Hogan Lovells partners Philip Parish, Arwen Handley, Nicola Fulford and Peter Marta considered topics such as good cyber incident preparedness, board...more
3/16/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Financial Services Industry ,
Hackers ,
Incident Response Plans ,
Insider Trading ,
Personally Identifiable Information
Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the...more
2/26/2020
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Financial Services Industry ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Personal Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes ,
State Data Privacy Laws
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC...more
2/7/2020
/ Corporate Governance ,
Cybersecurity ,
Data Loss Prevention ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Information Governance ,
Mobile Apps ,
Mobile Devices ,
OCIE ,
Popular ,
Risk Management ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Security Standards ,
Vendors