We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Podcast: A Conversation with Andy Rotherham on Hot Topics in Education for 2023
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
No Password Required: Threat Researcher at Cisco Talos and a Veteran of the Highest-Profile Cyber Incidents Who Roasts His Own Coffee Beans
Innovation in Compliance - The Role of Backup Systems in Cybersecurity Defense with Curtis Preston
Cyber Threats
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
Hinshaw Insurance Law TV – Cybersecurity Third and Final Part: Ransomware
Can Cyber Investigations Be Canned? - Unauthorized Access Podcast
[Podcast] NSA Cybersecurity Services for Defense Contractors
Understanding the Additional Risks When Making a Ransomware Payment
IBM and the Ponemon Institute have released the 2025 Cost of a Data Breach Report. The report, which has become an annual late-summer tradition, highlights the evolving risks and costs associated with data breaches. This...more
Ransomware group Akira is believed to be behind a large number of attacks that appear to be tied to SonicWall firewalls with SSLVPN enabled. Over the past week, a large number of attacks by the ransomware group Akira have...more
Australia has implemented a first-of-its kind requirement for eligible businesses to report ransomware payments. From 30 May 2025, eligible businesses that make a payment in response to a cyber security incident, or become...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
There is news coming from the U.S. cyber community for organizations that use Cleo’s software products: if your organization or your vendors use Cleo’s Cleo Harmony, VLTrader, or LexiCom products, you may be at heightened...more
Part III: Leveraging Insurance to Mitigate AI Risks - As boards navigate the complex landscape of AI integration, the risks associated with this powerful technology are multifaceted and evolving. From potential data breaches...more
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
Judge Engelmayer’s 107-page dismissal of most of the U.S. Securities and Exchange Commission (SEC)’s claims against SolarWinds provides valuable guidance, and some comfort, for public companies and Chief Information Security...more
Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more
Data breaches come in many different forms, sizes, and levels of complexity, but they tend to share certain key facts: A third-party bad actor—whether through a phishing attack, a ransomware attack, exploitation of a zero-day...more
In order to provide an overview for busy in-house counsel and compliance professionals, we summarize below some of the most important SEC enforcement developments from the past month, with links to primary resources...more
The White House released the long-anticipated National Cybersecurity Strategy on March 2, 2023 setting out five (5) pillars articulating key themes and Administration priorities. Coming more than two years into the Biden...more
I. Overview - Data breaches are every day occurrences and major high profile breaches are becoming more common. In the past three years, industry-leading companies such as Microsoft (250 million records, December 2019),...more
Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams offer key takeaways that companies should consider in the wake of the Justice Department’s first prosecution of a corporate...more
Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands...more
The Third Circuit Court of Appeals has given new life to a putative class action suit led by a former employee of a company that suffered a ransomware attack, leading to her sensitive information being released onto the Dark...more
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and...more
This month, the Securities and Exchange Commission (SEC) proposed new cybersecurity disclosure rules for publicly traded companies. The comment period is ongoing, but the take-away for public companies is immediate: a public...more
The conflict in Ukraine has raised significant cybersecurity concerns for businesses in the United States and across the world, resulting in an increased focus on using cyberinsurance to mitigate any resulting losses. The...more
According to reports, Kronos, the cloud-based, HR management service provider, suffered a data incident involving ransomware affecting its information systems. Kronos communicated that it discovered the incident late on...more
Along with seeking to analogize COVID-19 physical loss or damage to that in the fumes or contaminants context, policyholders are now also attempting to rely on cases discussing the bounds of physical loss or damage in the...more
On October 15, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released guidance on sanctions compliance for the digital currency industry, the agency’s most detailed guidance to date on...more