No Password Required: LIVE From Sunshine Cyber Con
Corruption, Crime and Compliance : Cybersecurity and Compliance: The Growing Partnership of CISOs and CCOs
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Compliance Into The Weeds - HanesBrands Cyber Security Breach Disclosure
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
Cyberside Chats: Don’t silo your risk from legal (with Ingrid Rodriguez)
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Marti Arvin and Anthony Buenger on the CMMC Framework
In our annual Cyber Looking Ahead Guide, we share key insurance market themes that emerged in 2024 and offer our predictions for 2025. Here are the trends we examine in the Guide: We also explore some pressing topics we...more
Joseph Sullivan, Uber’s beleaguered former Chief Information Security Officer, was back in the news last month when he appealed his 2023 conviction for his role in concealing a 2016 breach of Uber’s network and customer data....more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
Managing these risks at a single company should be straightforward. Executives and CISOs may be personally held accountable for cyber failings, negligence, breaches, and inadequate disclosure around cyber vulnerabilities and...more
At this point, it is self-evident that companies are grappling with an ever-evolving (think: tougher) cyber risk terrain. However, two recent cases against companies and their Chief Information Security Officers (CISOs),...more
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
The Securities and Exchange Commission (SEC) is ratcheting up the pressure on chief information security officers (CISOs)—and it’s entirely deliberate. In this post, I’ll discuss the litigation landscape against SolarWinds,...more
The cyber breach of SolarWinds’ software in 2020 (the “SolarWinds breach” or “cyber breach”) has been described as the “largest and most sophisticated attack the world has ever seen.” As a result of the cyber breach,...more
If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy. The rapid elevation...more
On October 5, 2022, after a monthlong jury trial, former Uber Chief Information Security Officer Joseph Sullivan was found guilty of obstructing proceedings of the Federal Trade Commission (FTC) and misprision of a felony...more
Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I explore the recent...more
Professor, Attorney and Expert in Cybersecurity Policy & Governance, Kevin Powers joins Jerich Beason & Whitney McCollum to discuss where the law stands on “Hacking Back”. Everyone at some point wants to be Batman. During...more
Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...more
A ransomware attack is no company’s idea of a good time, but I do sense one positive development emerging from the epidemic of attacks we’ve witnessed this year: Boards and senior management agree that they must move beyond a...more
The Home Depot, Inc. (“Home Depot”) recently entered into a multi-state Assurance of Voluntary Compliance with Attorneys General of 46 states and the District of Columbia (the “Settlement”) stemming from a massive 2014 data...more
The New York State Department of Financial Services (DFS) implemented cybersecurity regulations (the DFS Regulations) in 2017 which provided for a transitional two-year period before all the provisions were effective. The DFS...more
For years, corporate boards have hired third-party companies to conduct financial audits to assure that there is no fraud or other breaches of fiduciary responsibility by management. Cyber risks should be managed similarly. ...more
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats. Consider these five steps during your summer break to address the protection of...more
The New York Department of Financial Services has adopted detailed cybersecurity regulations for financial institutions. (Here). The NYDFS has filled a vacuum created by the failure of the federal government to act in this...more
When you survey business leaders on significant risks, they invariably cite cybersecurity as number one and anti-corruption as number two. For global businesses, this makes total sense. Cyber-crime damage is estimated to...more
The State of New York’s response to two large cybersecurity breaches may fuel the transformation of the state regulation of corporate cybersecurity in the U.S. Unlike typical state data breach statutes which focus on...more
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more
The latest settlement in Home Depot’s data breach litigation provides a data security framework for corporate governance that may be used by other companies as a template. Based on claims arising from a massive data breach...more
When Louis A. Aguilar was a commissioner at the Securities and Exchange Commission, he helped organize the SEC’s March 2014 roundtable to discuss the cyber risks facing public companies. The numerous data breaches that have...more
In Case You Missed It: The Federal Trade Commission has opened a public comment period to evaluate its Safeguards Rule (16. C.F.R. § 314.3). Under the Gramm-Leach-Bililey Act (GLBA), which regulates financial institutions,...more