Introduction - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed...more
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more
Overview - On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light...more
Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more
On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations....more
Overview - On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled...more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
On March 13, 2025, the Federal Communications Commission’s (“FCC”) Chairman Brendan Carr announced the creation of a Council on National Security (the “Council”) with Adam Chan serving as the Director. This new Council will...more
On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a...more
3/17/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
FBI ,
Ransomware ,
Risk Management ,
Threat Management
On February 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued...more
2/24/2025
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Malware ,
Multi-Factor Authentication ,
Ransomware ,
Risk Management ,
Security Information and Event Management (SIEM) system
On February 4, 2025, Coveware, Inc. released its quarterly ransomware report for the fourth quarter of 2024, and identified that the percentage of victims paying ransoms fell to a historic low of 25%. While the average...more
On January 14, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released the AI Cybersecurity Collaboration Playbook (the “Playbook”) to provide guidance to organizations within the AI community (including AI...more
On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of...more
1/22/2025
/ Antitrust Violations ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misleading Statements ,
Privacy Laws ,
Risk Management ,
Unfair or Deceptive Trade Practices
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure”...more
11/20/2024
/ Artificial Intelligence ,
Automation Systems ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Management ,
Department of Homeland Security (DHS) ,
Machine Learning ,
National Security ,
Risk Assessment ,
Risk Management
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”), the Federal Bureau of Investigation (“FBI”), National Security Agency (“NSA”) and certain international partners (including the Australian...more
The New York Department of Financial Services issued a cybersecurity advisory on November 1, 2024, regarding a growing threat posed by North Korean operatives seeking remote IT roles at U.S. companies. These operatives secure...more
On October 24, 2024, President Biden signed the first-ever National Security Memorandum (“NSM”) focused on artificial intelligence (“AI”), pursuant to subsection 4.8 of Executive Order 14110. The NSM provides guidance on...more
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry...more
The ubiquity of artificial intelligence (AI) has heightened companies’ exposure to cyberattacks of increasingly greater sophistication. Our Privacy, Cyber & Data Strategy Team explores how businesses can enhance their...more
10/2/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Deep Fake ,
Employee Training ,
Machine Learning ,
Phishing Scams ,
Risk Management
On August 21, 2024, the National Institution of Standards and Technology (“NIST”) released the second draft of its Digital Identity Guidelines, which provides federal agencies with a framework for identity proofing and...more
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3) warns of increased collaboration...more
On August 21, 2024, the United States Cybersecurity and Infrastructure Security agency, alongside government agencies in key global allies, including Australia, the UK, Canada, and Japan, released guidance on event logging...more
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material”...more
7/11/2024
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more