CyberSide Chats: Yes, you needed a cyber attorney a long time ago (with Erik Weinick)
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
On October 10, 2024, the European Union officially adopted the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as...more
Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even...more
The landscape for preventing, responding to, and avoiding the fines and other costs associated with data breaches has changed in the last three years. Since the beginning of the pandemic, data breaches have been on the rise...more
There’s no denying that data breaches are a major concern for organizations of all sizes, 2021 saw 1,860 data breaches occur (a record high), and 81% of those involved sensitive information like social security numbers and...more
Data mining has increasingly become one of the largest expenses during a cyber incident, often leaving claims professionals with blown budgets and insured clients in high-risk scenarios when assumptions about their data (and...more
Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification....more
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
A data breach can be the result of a cyber/ransomware attack or an honest mistake. Either way, the potential impact of compromised data is huge. This impact can be financial (in the form of fines) and reputational (by...more
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...more
The retention of prolific sensitive, personal electronic information has essentially become a responsibility inherent in the conduct of modern business. From the maintenance of medical records by a healthcare provider to the...more
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
We are all facing new challenges in this pandemic, including the shift to and growth of remote-work. Meanwhile, we also have to contend with the increased volume of attempted cyberattacks. Despite the distraction of the...more
One thing I appreciate about the SEC comment letter process is that it gives real life examples to what is often discussed hypothetically. Take, for example, cybersecurity and steps management should take when a data incident...more
News reports about data breach and cybersecurity incidents have increasingly become commonplace. While much of the news coverage has focused on data breach or hacking incidents impacting large institutions – Facebook,...more
The best way for a company to handle a data breach is to be prepared. As we discuss in our data breach readiness handbook, preparation includes, among other things, drafting an incident response plan, reviewing...more
The best way to handle any emergency is to be prepared. When it comes to data breaches, incident response plans are the first step organizations take to prepare. Furthermore, many organizations are required to maintain one....more
The European Union Article 29 Working Party (Article 29) issued an opinion on the proposed EU-U.S. Privacy Shield framework agreement (Privacy Shield) last week, stating that although the Privacy Shield was a “great step...more
On October 14, 2015, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force adopted the Cybersecurity Bill of Rights, a document meant to inform consumers of the services they can expect from...more
For the first Tuesday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator....more
The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more
A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more
Results from the SEC’s First Round of Cybersecurity Examinations - On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and...more
On September 29, 2015, the PCI Security Standards Council (“PCI SSC”) issued a press release and accompanying guidance to businesses for incident response management in the event of a data breach. PCI SSC is a global forum...more