No Password Required: LIVE From Sunshine Cyber Con
An Update On IOT Device Breaches, Framework, And Legislation
Your Cyber Minute: Importance of the GDPR to the global business community
Your Cyber Minute: The Implications of the GDPR for Cybersecurity
How to Respond to President Obama's Cybersecurity Executive Order
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
It has been a busy month for cyber and privacy regulation in Australia. On the heels of the proposed amendments to the Privacy Act 1988 released just under a month ago, three further draft Bills relating to cyber security...more
October is here, and as we prepare for pumpkin spice lattes, fall sweaters, and scary decorations, there's one thing your business can't afford to ignore this month: cybersecurity. Welcome to Hack-tober, or as it's officially...more
Cyber regulation is changing in Australia. As governments globally grapple with the everchanging and increasingly challenging cyber landscape, Australia is poised to implement new laws and update existing regulation in order...more
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more
Given recent regulatory activity and sentiments, companies must take an active role in maturing their cybersecurity programs so that they robustly counter potential risk. Current and future regulator activity, rulemaking, and...more
Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - President Biden Issues Cybersecurity Executive Order - On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
Nearly 700 years ago, England captured King John II of France and held him for ransom for four million écus. But France could not afford to pay, and King John II ultimately traded his two sons as substitute hostages to try...more
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk. In her...more
On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500)....more
Last year the FTC mandated what an organization’s written cybersecurity program should include to avoid being deemed “unfair and deceptive” to consumers, and this year California consumers whose personal information is...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the EU advocate general's decision in Schrems II, a federal court's ruling that an insurer owed coverage for a social engineering loss, the Chinese...more
There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more
In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more
Last week, FinCEN (Financial Crimes Enforcement Network) issued a formal Advisory to Financial Institutions and published FAQs outlining specific cybersecurity events that should be reported through Suspicious Activity...more
On August 31st and September 7th, 2016, the Federal Trade Commission (FTC) provided guidance regarding cybersecurity standards, which companies should consider when assessing their current data security posture....more