Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Throughout 2024, financial sector regulators sharpened their focus on data protection and cybersecurity issues impacting financial institutions and the public. Key federal agencies like the Securities and Exchange Commission...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in...more