The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report...more
NIS2 (Network and Information Systems Directive 2) is the updated version of the NIS Directive, which the EU first introduced in 2016. The original NIS Directive aimed to enhance cybersecurity across member states by...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
On Tuesday, the SEC announced settled charges against four companies for “making materially misleading disclosures regarding cybersecurity risks and intrusions. The charges against the companies, Unisys Corp., Avaya Holdings...more
In this June Order, SEC Enforcement brought settled charges against R.R. Donnelley & Sons, a “global provider of business communications services and marketing solutions,” for control failures: more specifically, a failure to...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
The U.S. Securities Exchange Commission (SEC) recently adopted a final rule regarding cybersecurity risk management, governance, and incident reporting. The final rule went into effect on September 5, 2023, and disclosure...more
In 2023, the U.S. Securities and Exchange Commission (“SEC”) issued its now-fully implemented Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule. The Rule reflects the reality that cybersecurity...more
Corporate legal departments are scrambling to stay ahead of the latest developments around cyber incident disclosure rules and regulations. In hopes of reducing panic and distress, a pair of legal experts are issuing a...more
As annual reporting season begins, it is important to take a fresh look at the company’s governance and incident response processes and develop risk-informed and compliant disclosures. While many companies are understandably...more
Key Point: The FCC revised its breach notification rules for telecommunication providers to broaden the instances when notifications are required, but even with limited exceptions to the new requirements, the final rule...more
Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly...more
The Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the “Cybersecurity Rules”), which the Securities and Exchange Commission (SEC) had adopted earlier this year,...more
The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more
This week the SEC’s Division of Corporation Finance released compliance and disclosure interpretations (C&DIs) pertaining to the latest cybersecurity disclosure requirements. The C&DIs provide guidance on when public...more
As a follow up to yesterday’s post, our recent Client Alert discusses new guidance from the FBI, DOJ, and SEC on requesting a delay to Form 8-K disclosures for material cybersecurity incidents that pose a substantial risk to...more
In a first for both cybersecurity and securities law, a ransomware company filed a complaint with the U.S. Securities and Exchange Commission (“SEC”) against its own hacking victim for failure to disclose the hack itself. The...more
Last month the Federal Acquisition Regulatory (FAR) Council announced a major proposal regarding cybersecurity incident reporting and information. Comments currently are now due by February 2, 2024....more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
SEC Adopts Final Rules on Cybersecurity Disclosures - The SEC has adopted rules requiring companies to provide disclosure within four business days of determining that a material cybersecurity incident has occurred, and...more