Episode 381 -- NAVEX's 2025 Annual Hotline Report
AI and the False Claims Act
Disparate Impact & Enforcement Rollbacks: What’s the Tea in L&E?
What’s in Your Operating Agreement? Legal Tips for Healthcare Providers
A New Brand of Uncertainty? — PE Pathways Podcast
The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Breaking the Cycle: Flooding, Infrastructure, and Climate Law in Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
Understanding BBB Ratings: Building Trust and Mitigating Risks — Regulatory Oversight Podcast
Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
False Claims Act Insights - The Mathematics of Nuclear FCA Verdicts
PODCAST: Williams Mullen's Benefits Companion - Cost, Care and Captives: A Mid-Size Employer’s Guide to Benefit Trends
Compliance Tip of the Day: Citibank and Continuous Monitoring
Lawyers Beware: There Could Be Serious Ethics Issues With The New AI Browsers
Compliance and AI: Navigating Risk Management in the AI Era with Gaurav Kapoor
Data Driven Compliance: Understanding the UK’s New Failure to Prevent Fraud Offense with Sam Tate
Avoiding a Bored Board
Compliance Tip of the Day: Crowd Sourcing Risk Intelligence
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Every CISO knows this feeling: You’ve invested millions in controls, passed every audit, and still wake up wondering if tonight’s the night everything falls apart....more
In our global, digital-first economy, cyberattacks are no longer isolated incidents targeting large organizations. They are a very real threat to businesses of all types and sizes, and law firms are a common target of cyber...more
Business continuity used to live in a binder, often reviewed once a year and quickly forgotten. Today, it has become a critical part of day-to-day risk management and operational strategy....more
Information leaks can range from internal decisions and salary data to intellectual property, strategy documents, or board minutes. Whether caused by accident or intent, all leaks demand immediate, structured action. Even...more
Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks. In fact, a recent breach at a major health care analytics firm exposed the data of 5.4 million U.S. patients, making it one of...more
“You don’t rise to the level of your goals. You fall to the level of your systems.” — James Clear - Most security programs look good on paper. Policies exist. Controls are mapped. Frameworks are followed. Audits get...more
- What is new: The EU’s Delegated Regulation on Subcontracting has come into force, completing the legal framework of the Digital Operational Resilience Act (DORA). Attention will now turn to enforcement. - Why it matters:...more
In today’s always-online world, cyber resilience is a business imperative. For midsize and fast-growing small companies, the stakes have never been higher. The convergence of artificial intelligence (AI), increasingly...more
A single outage can spiral into hours of downtime, frustrated customers, and significant revenue loss across your business....more
The messages from government agencies and cybersecurity leaders at the end of June were clear – nation-state-sponsored cybersecurity threats are on the rise. Pro-Iranian “hacktivists” are targeting U.S. infrastructure and...more
Why automation without operational alignment increases risk, not agility - Automation in cybersecurity is everywhere. Alerts are routed instantly. Playbooks execute in seconds. Credentials are revoked, emails quarantined,...more
I didn’t plan on working in cybersecurity. My path wasn’t exactly traditional, but every job I had taught me how systems break—technical or operational, it didn’t matter. ...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
On June 30, 2025, a Joint Advisory was issued by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defense Cyber Crime Center issued...more
On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Defense Cyber Crime Center (DC3) published a...more
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more
Several insurance companies have been targeted this month by cyberattacks, including AFLAC, Erie Insurance, and Philadelphia Insurance. The threat actor, Scattered Spider, is now focusing on the insurance industry. We want to...more
“Life can only be understood backwards; but it must be lived forwards.” – Søren Kierkegaard - Most security programs are designed to pass a test. Policies are documented. Controls are mapped. Tools are deployed. And for a...more
Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more
As tensions flare in the Middle East, speculation is growing over the potential impacts of Iranian cyberattacks targeting US based companies and infrastructure. We saw similar reactions in 2020 following the death of the head...more
Artificial intelligence (AI) systems are vulnerable to more than just threat actors. Our Privacy, Cyber & Data Strategy Group examines joint guidance issued by U.S. and international cybersecurity agencies that provides best...more
We’re back with a deeper dive into the 2025 Data Security Incident Response Report, which features insights and metrics from more than 1,250 incidents in 2024. This episode dives deeper into the data, including network...more
The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more
Enterprises don’t have a staffing problem. They have a systems problem. In a recent engagement, we were engaged to help improve a global SOC operation. Despite having over 30 analysts on staff, the team was missing...more