The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
Cyber incidents such as the 2024 event involving Change Healthcare, which compromised the personal information of over 100 million people, highlight the evolving nature of cyber threats – increasingly becoming risk management...more
Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...more
Our company experienced a cybersecurity incident. It seemed pretty minor — just a few suspicious emails and an employee’s account being locked. To my dismay, we’re now hearing from our IT team that the issue is more serious....more
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
Feel confident tackling any threat with a unified incident management approach that integrates roles, communication, and recovery tasks. Small and medium-sized organizations without a disaster recovery plan are 40% more...more
In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring public companies to report material cybersecurity incidents under new Item 1.05 of Form 8-K beginning on December 18, 2023. Our...more
The 2024 CrowdStrike outage and the ransomware attack on NHS partner Synnovis hit mainstream news and highlighted the fragility of ICT supply chains and the risks posed by cyber incidents....more
On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
As the digital landscape evolves, so do the threats that accompany it. The rise of artificial intelligence (AI) has fundamentally transformed the nature of cybercrime, enabling attackers to execute more sophisticated and...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
In this era of big data, smart devices, and constant connectivity, the clock's already ticking on your next data breach – it's just a matter of time. For companies of all sizes and across every industry, the stakes have never...more
We’re back with a deeper dive into the 2024 Data Security Incident Response Report, which features insights and metrics from 1,150+ incidents in 2023. This episode dives deeper into the data, including network intrusions...more
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more
Last month, the Director of the Division of Corporation Finance (“Director”) of the Securities and Exchange Commission (“SEC”) issued new guidance regarding disclosures of material cybersecurity incidents via Form 8-K under...more
Kennedys and Booz Allen Hamilton are delighted to invite you to our 3 hour webinar on Thursday, June 27, 2024. This half-day seminar features three presentations: Clear and present danger, In the war room, and The fallout....more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
Cyberhackers—potentially frustrated by their limited ability to extort ransom from health care entities in attacks—have started extorting the patients themselves, threatening them with the release of information or...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more
At this point, it is self-evident that companies are grappling with an ever-evolving (think: tougher) cyber risk terrain. However, two recent cases against companies and their Chief Information Security Officers (CISOs),...more