Herb Stapleton's FBI Experience Proves to be Asset to Dinsmore's Corporate Team
Former FBI Executive and Cybersecurity Leader Herbert Stapleton Joins Dinsmore’s National Corporate Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
In November 2024, the Township of White Lake, Michigan, fell victim to a cyberattack resulting in the wiring of approximately $29 million to the unauthorized account of the culprit. Before White Lake imminently closed on its...more
In a significant turn of events on July 2, 2025, the SEC, SolarWinds Corp. and its Chief Information Security Officer (CISO), Timothy Brown, announced through a joint letter to the U.S. District Court for the Southern...more
Cyber regulations are crucial for the protection of individuals and businesses and aid in risk minimization; failure to comply with these regulations can result in severe consequences such as financial penalties, legal...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Workshop featured three panels of experts...more
The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more
Welcome to our sixth volume and first issue of 2025 of Decoded - our technology law insights e-newsletter. We have been publishing for six years and could not continue without our committed readers and your insights....more
The SEC continues to leave its mark as a federal cybersecurity enforcer and closed out the year by charging another company with making misleading statements about a cybersecurity attack and failing to maintain cyber-related...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
The SEC was increasingly active in fiscal year (FY) 2024 in pursuing enforcement actions involving cybersecurity incidents and artificial intelligence (AI) (query how long society will continue to define AI; harkens to the...more
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
On October 22, 2024, the Securities and Exchange Commission (SEC) announced enforcement actions against several technology companies for making materially misleading disclosures regarding cybersecurity risks and intrusions....more
The U.S. Securities and Exchange Commission's ("SEC") Division of Enforcement has recently brought a spate of enforcement actions relating to key topics for public companies. These include enforcement actions related to...more
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
Continuing its controversial and aggressive approaches to cybersecurity, the U.S. Securities and Exchange Commission (SEC) recently charged four current and former public companies for purportedly “materially misleading...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
On October 22, 2024, the SEC announced that it had entered into settlements with four separate companies for making allegedly misleading disclosures about how they were impacted by the SolarWinds data breach in 2019. The...more
On Oct. 22, 2024, the Securities and Exchange Commission announced that it charged four technology companies with making materially misleading disclosures about the effect the SolarWinds cyberattack had on these issuers. To...more
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
Judge Engelmayer’s 107-page dismissal of most of the U.S. Securities and Exchange Commission (SEC)’s claims against SolarWinds provides valuable guidance, and some comfort, for public companies and Chief Information Security...more
On July 18, 2024, Judge Paul A. Engelmeyer of the U.S. District Court for the Southern District of New York issued a 107-page opinion dismissing most of the Securities and Exchange Commission’s (SEC) case against SolarWinds...more
On July 18, 2024, the U.S. District Court for the Southern District of New York dismissed most of the claims brought by the Securities and Exchange Commission (the “Commission”) against SolarWinds Corp. and its Chief...more
Section 13(b)(2)(B) of the Securities Exchange Act of 1934 requires public companies to “devise and maintain a system of internal accounting controls.” In a recent opinion, a New York federal court rejected the Securities...more