No Password Required: LIVE From Sunshine Cyber Con
An Update On IOT Device Breaches, Framework, And Legislation
Your Cyber Minute: Importance of the GDPR to the global business community
Your Cyber Minute: The Implications of the GDPR for Cybersecurity
How to Respond to President Obama's Cybersecurity Executive Order
On September 3, 2025, the General Court of the European Union dismissed an action for annulment brought by a French member of Parliament against the European Commission's decision recognizing the adequacy of the level of...more
What is a risk management framework? Implementing the principles and guidelines of a risk management framework (RMF) is not just an effective way to manage current risks, it also provides a structured risk assessment process...more
The UK Financial Conduct Authority (FCA) published a summary of discussions held throughout 2024 with industry members of the FCA's Cyber Coordination Group programme. The publication is not intended to introduce any...more
Cybersecurity is now a core element of legal, regulatory, and business risk management. In Latin America and the Caribbean, organizations face mounting pressure to demonstrate proactive compliance with evolving data...more
In its FY 2026 budget, Ohio quietly folded in a sweeping cybersecurity mandate that will require every “political subdivision” to have a cybersecurity program that aligns with recognized industry frameworks and adopt strict...more
On April 14, 2025, the National Institute of Standards and Technology (“NIST”) released draft updates to the NIST Privacy Framework, designed to address current privacy risk management needs, enhance usability, and align the...more
Law firms handle confidential information and documents that require diligent protection. The stakes are high, the regulations and their sources are vast, and technology is sophisticated and ever-changing....more
Our Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union....more
On 30 November 2022, OpenAI made its ChatGPT generative artificial intelligence chatbot publicly available. In the two years since, its unprecedented growth has fostered a dramatic shift in public attention to and interest in...more
The National Institute of Standards and Technology (NIST) has been a leading voice in cybersecurity standards since 2013, when President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity tasked NIST,...more
On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide...more
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is...more
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security...more
The increased use of artificial intelligence (AI) in the banking, insurance, and financial services industries has led the New York State Department of Financial Services (NYDFS or Department) to publish an Industry Letter on...more
Let’s role-play the title “Chief Information Security Officer” (CISO) as various chess pieces, each representing different aspects of the challenges and responsibilities faced in this critical position. Examining these...more
On October 16, 2024, the New York State Department of Financial Services (the "DFS"), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence...more
At what point has a director served too long? What about term limits? A mandatory retirement age? When do a director’s skills become stale? These issues are addressed in this issue of The Informed Board, as well as why proxy...more
Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more...more
Financial institutions and securities market participants continue to face escalating cyber threats – in frequency, volume, and severity. The many reasons for the escalating risk include: Financial services companies are...more
Oversight of data-related risks: From data governance to GenAI and cybersecurity While data governance has been a priority for companies for some time, the explosive growth in the use of generative artificial intelligence...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
The conclusion of Cybersecurity Awareness Month is a reminder of the importance for organizations to implement robust security measures and promote good cyber hygiene. As we noted in our State of the Cyber Landscape webinar,...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
Organizations can prevent cyberattacks and minimize liability risks by reviewing and implementing these 10 important steps: Adopt a Zero Trust Network Access Framework, which requires all users to be authenticated,...more
On November 1, 2024, the next phase of several significant amendments to the New York Department of Financial Services’ (NYDFS) cybersecurity regulation take effect. These specific amendments, enacted in 2023, impact the...more