Category

Cybersecurity

Category

After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…

In brief On March 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. These rules are intended to enhance and standardize cybersecurity disclosures, and, if adopted in their current form, would require public companies to disclose cybersecurity-related policies, procedures and all material cybersecurity incidents. Key takeaways On March 9, 2022, the SEC proposed new disclosure requirements…

Whether you are creating new virtual worlds, realities or universes, the digital assets that populate them, or the infrastructure that enable individuals to interact and transact in them, there are numerous legal issues that you may have to navigate. Here are four potential pitfalls that creators of and in the metaverse should avoid. Foregoing Legally Enforceable Contracts. Relying on smart contracts, dapps and other programs exclusively expressed in code to govern transactions between parties can…

Commission Seeks Public Comment on Wide Range of Issues in Proposal On February 9, 2022, the Securities and Exchange Commission (SEC or Commission) voted 3-1, with Commissioner Peirce, the lone remaining Republican appointee opposed, to propose new rules under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of 1940 (Investment Company Act) related to cybersecurity risk management, reporting of breach events, and recordkeeping for registered investment advisers and investment funds.1 If…

The revised draft Cyber Security Law released by the Ministry of Transport and Communications (MOTC) on 13 January 2022 (“Draft Law 2.0”) sets out certain requirements on a digital platform service provider (DPSP). Failure to comply with the requirements could result in a fine, suspension of the relevant digital platform service (DPS) or revocation of any existing license held by the DPSP. Additionally, the MOTC may act in the public interest and shut down any…

As organizations continue to create more data and the threat of cyber risk continues to grow and evolve, businesses are trying to keep up with advancing technologies, find new ways to prepare for cyber-attacks, and mitigate the associated risks. While some of these actions typically occur in response to an attack (e.g. fixing exploited flaws and vulnerabilities, and upgrading technology to better monitor future threats), proper data management is critical to reducing the risks to…

A flaw in a widely used software threatens system security and makes companies vulnerable to cyber threats. The Apache Software Foundation released an advisory that Apache Log4j versions up to and including 2.14.1 has a defect that may allow threat actors to execute arbitrary code and deploy viruses including ransomware on that IT infrastructure. Entities that directly or indirectly leverage this software should act with haste to mitigate the risk of a data incident. These…