No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 157: Sarah Glover, Maynard Nexsen Cybersecurity Attorney
Overview of Cybersecurity in Government Contracts
Episode 282 -- CISO and CCOs -- The Evolving Partnership
After a data breach, organizations need to understand the scope of the incident in order to quickly resolve it and ensure they are able to meet notification requirements. The urgency often leads to the misguided belief that...more
Editor’s Note: This webcast brings together some of HaystackID’s top experts to dissect the intricacies of Business Email Compromise (BEC) attacks—a rapidly growing threat impacting organizations globally. During the...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
Cyberattacks powered by artificial intelligence have become more sophisticated as bad actors utilize machine learning to analyze vulnerabilities, automate exploits, and outpace traditional security measures. Through the use...more
In this June Order, SEC Enforcement brought settled charges against R.R. Donnelley & Sons, a “global provider of business communications services and marketing solutions,” for control failures: more specifically, a failure to...more
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was enacted in 2022 with the primary purpose of preserving national security, economic security, and public health and safety. CIRCIA provides the Director...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer...more
In 2023, the U.S. Securities and Exchange Commission (“SEC”) issued its now-fully implemented Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. The Rule reflects the reality that cybersecurity...more
In 2024, businesses will continue to face an evolving landscape of cyber threats, along with an increasingly complex regulatory environment. With heightened scrutiny from regulators, consumers, and investors, the need to...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
In a first for both cybersecurity and securities law, a ransomware company filed a complaint with the U.S. Securities and Exchange Commission (“SEC”) against its own hacking victim for failure to disclose the hack itself. The...more
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
Each month, we publish a roundup of the most important SEC enforcement developments for busy in-house lawyers and compliance professionals. This month we examine: • Fraud and internal control failure charges against...more
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...more
On July 25, Missouri, Arkansas, and Iowa (the states), along with intervenors American Water Works Association and National Rural Water Association (the water associations), petitioned the Eighth Circuit to review the U.S....more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
Emerging developments in AI, Machine Learning, Natural Language Processing, Automation, and More – Where Does it All Fit Inside the World of GRC? AI-driven technology has been making headlines for breakthroughs as well as...more
The Securities and Exchange Commission (“SEC”) voted on July 26, 2023 to adopt new cybersecurity rules, which are aimed at helping investors better understand the cybersecurity risks associated with public companies by...more
On July 26, 2023, the Securities and Exchange Commission ("SEC"), in a 3-2 vote, adopted rules that will require public companies to make prescribed cybersecurity disclosures.1 The rules are designed to elicit "consistent,...more