The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report...more
On 14 January 2025, the UK Home Office published a consultation paper focusing on legislative proposals to reduce payments to cyber criminals and increasing incident reporting. ...more
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. The deviation relates to contractors’ compliance with...more
Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly...more
Our Securities and Privacy, Cyber & Data Strategy teams unpack the Department of Justice’s (DOJ) process for companies seeking to delay Form 8-K disclosures under the Securities and Exchange Commission’s (SEC) cybersecurity...more
In the December Public Company Watch, we cover key issues impacting public companies, including a preview of the SEC’s latest regulatory agenda, an update regarding the Fifth Circuit vacating the SEC’s share repurchase rules,...more
The cyber reporting landscape is rapidly shifting. Many agencies are developing rules, and a major player has been the U.S. Securities and Exchange Commission (SEC), with important questions arising about implementation of...more
On December 18, the Securities and Exchange Commission's (SEC) new disclosure requirements go into effect and will require public companies to publicly report material cybersecurity incidents within four days of making a...more
The Securities and Exchange Commission (SEC) recently adopted rules requiring public companies to quickly disclose “material cybersecurity incidents” and to annually disclose material information regarding a company’s...more
On September 19, 2023, the Department of Homeland Security (DHS) released a Report to Congress (Report) on the Harmonization of Cyber Incident Reporting to the Federal Government. The Report reflects on the 52 in-effect or...more
Background: In March 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law, ushering in a new era of enhanced cybersecurity measures. This legislation...more
The SEC’s Cybersecurity Risk Management Strategy, Governance, and Incident Disclosure Rules were officially published in the Federal Register on August 4, 2023 and go into effect on September 5, 2023....more
The Biden Administration recently reaffirmed its continued focus on cybersecurity by announcing an Implementation Plan for the National Cybersecurity Strategy (the Plan). The Plan provides a roadmap covering the policies and...more
Under the SEC’s rules, public companies that are subject to reporting requirements must promptly disclose material cybersecurity incidents. The SEC’s Final Rules require public companies to report a material cybersecurity...more
On July 26, the Securities and Exchange Commission adopted a new rule regarding cybersecurity risk management, strategy, governance, and incident disclosure. The “Cybersecurity Incident Disclosure Rule” will be applicable to...more
On March 2, 2023, the Biden administration released the 2023 National Cybersecurity Strategy (the “Strategy”). The Strategy acknowledges that the United States “must [effect] fundamental shifts in how . . . [it] allocates...more
Hosted by American Conference Institute (ACI), the 9th National Conference on CFIUS returns for another exciting year with curated programming and an impressive lineup of leaders from government, industry and private practice...more
On March 1, 2023, the White House released a new National Cybersecurity Strategy (the Strategy) documenting the Biden-Harris administration’s approach to improving cybersecurity across the digital ecosystem. The Strategy...more
The White House announced last Thursday its highly anticipated National Cybersecurity Strategy (NCS). Although largely aspirational and short on concrete plans, the 39-page NCS is the Biden administration’s most ambitious...more
In 2021, Congress created a new cyber leadership position within the White House, enacting a suggestion from the Cyberspace Solarium Commission, to develop a new Office of the National Cyber Director (ONCD). ...more
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more
Earlier this month, Deputy Attorney General Lisa O. Monaco spoke on cybersecurity developments at the International Conference on Cyber Security (“ICCS”); the same day, the U.S. Department of Justice (“DOJ”) released its...more