Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…
After months of debates, on 24 January 2023, France enacted the Orientation and Programming Law (LOPMI) which introduced amendments to the insurability of losses and damages paid in response to cyber-attacks. At the center of the debates: the insurability of ransom payments. The LOPMI has confirmed such insurability with conditions. Pursuant to article 5 of the LOPMI, introduced under the French Insurance Code at article L. 12-10-1: “The payment of a sum pursuant to an…
In the first of this two-part series, Brian Hengesbaugh, Global Chair of Privacy and Security at Baker McKenzie, is joined by Cyrus Vance Jr., Global Chair of Cybersecurity, as the two discuss the alarming increase in cybercrimes, looking broadly at the trends, public safety risks and legal implications for the business community, particularly as it pertains to boards and senior management navigating the current threat landscape. Listen to learn more about: Why it is difficult to…
In brief Critical infrastructure has been the focus of several recent US cyber readiness initiatives, although the results have left a patchwork of regulations that may be enforced differently across sectors and federal agencies. As an example, in March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which will require critical infrastructure organizations to report cyber incidents and ransom payments to the US Cybersecurity and Infrastructure…
The European Commission proposed its first draft of the cybersecurity legislation, the Cyber Resilience Act (“CRA”), on 15 September 2022. The CRA is one part of a range of EU legislative measures aimed at increasing the overall cyber security and cyber resilience of the EU and businesses operating within it. The CRA will create a new regulatory framework and set of rules for software and hardware products falling under the definition of “products with digital…
Cybercrime is an increasingly pressing problem for societies at large, with digital transformation, remote working and geopolitical issues bringing about increased cyber threats and attacks. In 2016 the European Parliament adopted the Network and Information Security Directive (NISD), the first EU-wide legislation on cybersecurity, and the revised legislation, NIS2, has just been published. NISD required the implementation of certain risk management and reporting obligations on operators of essential services (OES), which included entities maintaining critical…
Trillions of dollars are spent on M&A each year, yet reports suggest that less than 10% of deals integrate cybersecurity into the due diligence process.1 Despite the FBI and private watch dog groups raising multiple warning flags about ransomware groups hitting more and more companies in the middle of significant transactions like M&A, and despite increased focus from the FTC and the SEC on data security failures as legitimate reasons for shareholder and government enforcement…
Following President Xi Jinping’s announcement that China would seek to join the newly-created Digital Economy Partnership Agreement (“DEPA”) at the 2021 G20 Summit in Rome, China’s Ministry of Commerce (“MOFCOM”) formally applied for China to join the agreement on November 1, 2021. The DEPA, which is described as the first trade agreement to target the digital economy, has been entered into by New Zealand, Singapore, and Chile. It contains 16 articles covering provisions on facilitating…
The Vietnamese Government has just issued Decree No. 53/2022/ND-CP dated 15 August 2022 detailing a number of articles of the Cybersecurity Law (“Decree 53”).
On June 14, 2022, Baker McKenzie held its inaugural Cybersecurity Symposium in New York in conjunction with the Association of Corporate Counsel (ACC). It was a thought-provoking day discussing trends and fresh insights from key players in the government and private sector, the ever-changing regulatory landscape, best practices for cyber-readiness and practical advice to manage cyber-threats, data breach response, insurance and related litigation. The following video provides valuable information and key-takeaways in connection with cybersecurity…