Decrypted Podcast | Decoding NIS2: Europe's New Cybersecurity Playbook
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Cyber incidents are increasingly giving rise to complex, long‑tail litigation risk, particularly for financial services firms. As regulators place growing emphasis on operational resilience, outsourcing governance and...more
On May 14, 2026, the Federal Communications Commission’s (FCC) Public Safety & Homeland Security Bureau (PSHSB) convened a Cybersecurity Workshop for Broadcasters, bringing together public- and private-sector stakeholders to...more
Luxembourg has adopted two cornerstone laws that, together, constitute a new national cyber and resilience “arsenal”: • the law transposing Directive (EU) 2022/2555 (NIS 2) on cybersecurity - • the law transposing...more
On May 26, 2026, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced the rescheduled dates for its “town hall” virtual meetings on the Cybersecurity Incident...more
In 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). It developed out of the federal government’s perceived need to be better prepared for cybersecurity...more
In this episode of "Decrypted," Skadden's cybersecurity and data privacy team tackles the EU's Network and Information Security Directive 2 (NIS2) — one of the most consequential cybersecurity regulations now reshaping how...more
A sweeping new federal cybersecurity mandate is on its way, and now is the time for businesses to build the infrastructure you’ll need to comply. The Cybersecurity and Infrastructure Security Agency (CISA) is finalizing draft...more
The UK Government has published the Cyber Security and Resilience (Network and Information Systems) Bill (the "Bill" or the "UK Bill") proposing significant amendments to the Network and Information Systems Regulations 2018...more
On January 5, 2026, the U.S. General Services Administration (GSA) released Revision 1 of its IT Security Procedural Guide, “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations...more
On March 17, 2026, the European Parliament published a briefing signalling continued momentum toward the creation of an EU‑wide Single Entry Point (SEP) for security incident reporting. The initiative is part of the European...more
The U.S. General Services Administration (GSA) on January 5, 2026, quietly introduced a new cybersecurity compliance framework that will significantly reshape the information technology (IT) obligations of thousands of...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) will be hosting a series of upcoming virtual town hall meetings related to its rulemaking under the Cyber Incident Reporting for Critical Infrastructure Act...more
Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced...more
On 20 January 2026, the European Commission proposed a comprehensive new cybersecurity package with the aim of strengthening the European Union’s cybersecurity resilience and capabilities, in response to growing cyber and...more
On February 13, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) within the US Department of Homeland Security published a notice in the Federal Register announcing that it would hold a series of town halls...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is working to finalize a rule that would require large segments of industry to rapidly report to the government when...more
Following the UK Government's launch of a public consultation on its proposed legislative measures to combat the threat of ransomware (see Goodwin’s January 2025 analysis), the UK Government published its response to the...more
In a recent update to internal procedural guidance, the General Services Administration (GSA) has established a new framework of security requirements and privacy controls for contractor information systems that process,...more
Key point: Historically, civilian‑agency contractors who handled Controlled Unclassified Information (CUI) enjoyed an informal compliance environment, with a requirement to adhere to NIST SP 800‑171 often framed as...more
Last month the General Services Administration’s (“GSA”) Office of the Chief Information Security Officer (“OCISO”) issued CIO-IT Security-21-112 Rev. 1, a procedural guide governing how Controlled Unclassified Information...more
The new year is already off to a fast start in the world of cybersecurity and privacy. With Data Privacy Day approaching next week (January 28), we will look at three trends that we expect to see in the coming year. The...more
As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026...more
On November 19, 2025, the European Commission published two "Digital Omnibus" proposals as part of a wider Digital Package: (i) a Digital Legislation Omnibus that amends and consolidates large parts of the European Union's...more
When a cyberattack occurs, time is the most valuable asset. Much like law enforcement’s “first 48” hours rule in criminal investigations, the first 72 hours of a cyberattack, often referred to collectively as the “golden...more
Companies that map data breach trend lines against industry-specific obligations can convert raw statistics into risk governance strategies. This exercise can be especially valuable amid fast-shifting attack techniques,...more