William Ridgway

William Ridgway

Skadden, Arps, Slate, Meagher & Flom LLP

Contact

Readers' Choice Awards

Cybersecurity
Cybersecurity
View Bio
RSS

Latest Posts › Risk Management

Share:

The Last Piece of DORA Falls Into Place: 10 Lessons From the First Six Months

- What is new: The EU’s Delegated Regulation on Subcontracting has come into force, completing the legal framework of the Digital Operational Resilience Act (DORA). Attention will now turn to enforcement. - Why it matters:...more

7/24/2025  /  Compliance , Corporate Counsel , Cybersecurity , Digital Operational Resilience Act (DORA) , Enforcement Actions , EU , Financial Services Industry , Incident Response Plans , Regulatory Requirements , Risk Management

The EU’s New Cybersecurity Law for the Space Sector

On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more

7/9/2025  /  Compliance , Cybersecurity , Data Privacy , Enforcement , EU , National Security , Outer Space , Privacy Laws , Proposed Legislation , Regulatory Requirements , Reporting Requirements , Risk Management

Cybersecurity Trends in the Digital Asset Space

After years of regulatory uncertainty, the Trump administration has signaled a new approach to digital assets, including by establishing a working group focused on digital assets and nominating crypto-friendly chairs to the...more

5/6/2025  /  Artificial Intelligence , Blockchain , CFTC , Cryptocurrency , Cybersecurity , Data Privacy , Digital Assets , Enforcement Actions , Enforcement Priorities , FinTech , NYDFS , Popular , Regulatory Agenda , Regulatory Requirements , Risk Management , Securities and Exchange Commission (SEC) , State Attorneys General , Technology

Veto of Virginia AI Bill Raises Questions About the Future of State-Level Regulation

On March 24, 2025, Virginia Gov. Glenn Youngkin vetoed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094). The bill, which had passed through the Virginia Legislature in February 2025, would...more

3/25/2025  /  Algorithms , Artificial Intelligence , Corporate Counsel , Employment Discrimination , New Legislation , Regulatory Agenda , Regulatory Requirements , Risk Management , State Legislatures , Technology Sector , Trump Administration

The Informed Board - November 2024

At what point has a director served too long? What about term limits? A mandatory retirement age? When do a director’s skills become stale? These issues are addressed in this issue of The Informed Board, as well as why proxy...more

11/25/2024  /  Acquisitions , Artificial Intelligence , Board of Directors , Corporate Governance , Cyber Attacks , Cybersecurity , Cybersecurity Framework , Data Privacy , Data Protection , Investment , Investors , Machine Learning , Mergers , National Security , Proxy Season , Publicly-Traded Companies , Regulatory Agenda , Regulatory Requirements , Risk Management , Securities and Exchange Commission (SEC) , Shareholder Activism , Technology Sector

What Companies Can Do To Protect Against Cyberattacks … and the Litigation That Often Follows

Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more...more

11/22/2024  /  Artificial Intelligence , Board of Directors , Corporate Governance , Crisis Management , Cyber Attacks , Cybersecurity , Cybersecurity Framework , Data Privacy , Machine Learning , Privacy Laws , Publicly-Traded Companies , Regulatory Oversight , Regulatory Requirements , Risk Management , Securities and Exchange Commission (SEC) , Securities Litigation , Third-Party

Navigating the New Cybersecurity Landscape: Key Implications of the EU’s NIS 2 Directive

The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member...more

10/14/2024  /  Corporate Governance , Cybersecurity , Data Privacy , Data Protection , Data Security , Deadlines , EU , National Security , Popular , Risk Management , Technology Sector

Developing and Using AI Require Close Monitoring of Risks and Regulations

As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes....more

9/30/2024  /  Artificial Intelligence , Corporate Governance , Cybersecurity , Data Privacy , NIST , Popular , Privacy Laws , Regulatory Agenda , Regulatory Requirements , Risk Management , Technology Sector , U.S. Commerce Department

The Informed Board - Summer 2024

Across industries, companies are facing new and uncertain regulatory pressures and demands in areas including artificial intelligence, sustainability, algorithmic pricing and fintech-bank relations. In this issue of The...more

9/10/2024  /  Algorithms , Antitrust Division , Artificial Intelligence , Banking Sector , Board of Directors , Competition , Corporate Governance , Department of Justice (DOJ) , Disclosure Requirements , Enforcement Actions , EU , Financial Institutions , FinTech , Multinationals , Price-Fixing , Regulatory Agenda , Regulatory Requirements , Reporting Requirements , Risk Management , Sustainability , Technology Sector , UK

AI Safety: The Role of the Board in Assessing and Managing AI Risk

As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more

9/4/2024  /  Artificial Intelligence , Corporate Governance , Cybersecurity , Data Privacy , EU , Machine Learning , Privacy Laws , Regulatory Agenda , Regulatory Requirements , Risk Assessment , Risk Management , Technology Sector , UK

ECB Mandates Board Expertise in Addressing ICT and Security Risks

Earlier this year, a dedicated policy prepared by the European Central Bank (ECB) came into effect requiring bank management bodies to broaden their collective understanding of and proficiency in identifying and dealing with...more

7/17/2024  /  Banking Sector , Corporate Governance , Cybersecurity , Data Privacy , EU , European Central Bank , Financial Institutions , Investment Funds , Risk Management

Colorado’s Landmark AI Act: What Companies Need To Know

Colorado has become the first state to enact a comprehensive law relating to the development and deployment of certain artificial intelligence (AI) systems. The Colorado Artificial Intelligence Act (CAIA), which will go into...more

6/24/2024  /  Artificial Intelligence , Colorado , Consumer Financial Products , Consumer Protection Laws , Cybersecurity , Data Privacy , Disclosure Requirements , FinTech , Machine Learning , New Legislation , Regulatory Reform , Regulatory Requirements , Risk Management

The Informed Board - Winter 2024

The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more

2/19/2024  /  Acquisitions , Activist , Artificial Intelligence , Board of Directors , Canada , China , Competition , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , EU , Executive Orders , Federal Contractors , Financial Services Industry , Forced Labor , Germany , International Labor Laws , Life Sciences , Machine Learning , Manufacturers , Mergers , NGOs , Political Campaigns , Political Contributions , Political Conventions , Publicly-Traded Companies , Risk Assessment , Risk Management , Securities and Exchange Commission (SEC) , Shareholder Activism , Shareholders , Technology Sector , UK , Uyghur Forced Labor Prevention Act (UFLPA)

Emerging Expectations: The Board’s Role in Oversight of Cybersecurity Risks

Key Points - - New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase...more

2/13/2024  /  Board of Directors , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , New Rules , Publicly-Traded Companies , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

FBI, DOJ and SEC Publish Guidance on Requesting Delayed Reporting of Material Cyber Incidents on Form 8-K: Takeaways for CISOs and...

The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more

12/20/2023  /  Corporate Governance , Cyber Incident Reporting , Cybersecurity , Data Privacy , Data Protection , Department of Justice (DOJ) , Disclosure Requirements , FBI , Form 8-K , Incident Response Plans , Popular , Publicly-Traded Companies , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

What Does the SEC’s Complaint Against SolarWinds Mean for CISOs and Boards?

On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more

11/7/2023  /  Compliance , Corporate Governance , Cyber Attacks , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Disclosure , Enforcement Actions , Information Security , Information Technology , Popular , Risk Management , Risk Mitigation , SolarWinds

Privacy & Cybersecurity Update - September 2023

In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more

10/3/2023  /  California Privacy Protection Agency (CPPA) , Cybersecurity , Data Privacy , Data Protection , Popular , Privacy Laws , Risk Assessment , Risk Management , State and Local Government , State Data Privacy Laws , State Privacy Laws , Web Scraping

Privacy & Cybersecurity Update - July 2023

In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more

8/2/2023  /  Biometric Information Privacy Act , California , California Privacy Rights Act (CPRA) , Cyber Incident Reporting , Cybersecurity , Cybersecurity Framework , Data Privacy , Data Transfers , Disclosure , EU , European Commission , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , NYDFS , Oregon , Popular , Privacy Laws , Proposed Amendments , Regulatory Requirements , Risk Management , Texas

SEC Adopts Rules for Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted 3-2 to adopt final rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and...more

7/28/2023  /  Compliance , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , New Rules , Proposed Rules , Publicly-Traded Companies , Regulation S-K , Reporting Requirements , Required Forms , Risk Management , Securities and Exchange Commission (SEC)

AI Risk: Evaluating and Managing It Using the NIST Framework

The rapid adoption of artificial intelligence (AI) technology into corporate environments has left many organizations understandably struggling with how to identify, measure and manage the unique risks of these nascent...more

5/19/2023  /  Artificial Intelligence , EU , NIST , Risk Management , Technology Sector , U.S. Commerce Department

Cybersecurity Challenges and Incident Response Preparedness During the Coronavirus Pandemic

The spread of the novel coronavirus has upended Americans’ lives in a matter of months. While life outside has ground to a standstill in many regions of the country, much of corporate America is meeting the unique challenges...more

3/29/2020  /  Best Practices , Coronavirus/COVID-19 , Corporate Executives , Cyber Attacks , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Data Breach , Data Protection , Hackers , Incident Response Plans , Network Security , NIST , Phishing Scams , Ransomware , Remote Working , Risk Management , Virtual Private Networks

A Dialogue With Corporate Counsel: Skadden’s Ninth Annual Pharmaceutical and Medical Device Seminar

On October 22, 2019, Skadden hosted our Ninth Annual Pharmaceutical and Medical Device Enforcement and Litigation Seminar in New York, which focused on U.S. enforcement issues companies face throughout the industry. The key...more

12/2/2019  /  Anti-Kickback Statute , Big Data , CDRH , Charitable Organizations , Co-payments , Data Privacy , Department of Justice (DOJ) , Dietary Supplements , Disgorgement , Drug Pricing , Enforcement Actions , False Advertising , False Claims Act (FCA) , Federal Food Drug and Cosmetic Act (FFDCA) , Federal Trade Commission (FTC) , Food and Drug Administration (FDA) , Food Manufacturers , Health Insurance Portability and Accountability Act (HIPAA) , Lanham Act , Life Sciences , Medical Devices , NAD , Off-Label Promotion , OIG , OPDP , Pharmaceutical Industry , Physician Compensation Arrangements , Pleading Standards , POM Wonderful v Coca Cola , REMS , RICO , Risk Assessment , Risk Management , SCOTUS , Tobacco

"The Emerging Need for Cybersecurity Diligence in M&A"

Cybercrime has emerged as one of the foremost threats a company faces. As a result of a few keystrokes, a company may find its customers’ data sold on the dark web, its intellectual property in the hands of a competitor or...more

4/20/2017  /  Acquisitions , Cyber Crimes , Cyber Insurance , Cybersecurity , Due Diligence , Incident Response Plans , Indemnification Clauses , Mergers , Network Security , Ransomware , Representations and Warranties , Risk Management

"Cybersecurity Trends for Boards of Directors"

Cybersecurity has in recent years become an integral component of a board’s role in risk oversight, but directors often find themselves in unfamiliar territory when it comes to formulating policies and oversight processes...more

4/14/2017  /  Board of Directors , China , Compliance , Customer Information , Cyber Insurance , Cybersecurity , Data Security , Disclosure Requirements , NYDFS , Oversight Committee , Popular , Ransomware , Risk Assessment , Risk Management , Securities and Exchange Commission (SEC) , State and Local Government
24 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide