Today, April 4, 2024, Cybersecurity and Infrastructure Security Agency (“CISA”) officially published its long-awaited Notice of Proposed Rulemaking (“Proposed Rule”) for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). The Proposed Rule requests written comments from the public no later than June 3, 2024. CISA will then have 18 months to promulgate a final rule which is expected to be finalized and in effect by October 2025. CIRCIA Big Picture CIRCIA is…
This past year brought the rapid rise of ChatGPT and other generative AI platforms, accompanied by several noteworthy legal and regulatory developments. 2024 promises to continue with technology advances, making it a pivotal year for businesses navigating global data privacy and cybersecurity risks. Our Baker McKenzie Top 10 predictions for 2024 follow. AI-enhanced cyber threats will increase globally. Threat actors will continue to leverage AI for increasingly sophisticated attacks, exploiting new technologies to enable highly-personalized…
In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…
Trillions of dollars are spent on M&A each year, yet reports suggest that less than 10% of deals integrate cybersecurity into the due diligence process.1 Despite the FBI and private watch dog groups raising multiple warning flags about ransomware groups hitting more and more companies in the middle of significant transactions like M&A, and despite increased focus from the FTC and the SEC on data security failures as legitimate reasons for shareholder and government enforcement…
Commission Seeks Public Comment on Wide Range of Issues in Proposal On February 9, 2022, the Securities and Exchange Commission (SEC or Commission) voted 3-1, with Commissioner Peirce, the lone remaining Republican appointee opposed, to propose new rules under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of 1940 (Investment Company Act) related to cybersecurity risk management, reporting of breach events, and recordkeeping for registered investment advisers and investment funds.1 If…
As organizations continue to create more data and the threat of cyber risk continues to grow and evolve, businesses are trying to keep up with advancing technologies, find new ways to prepare for cyber-attacks, and mitigate the associated risks. While some of these actions typically occur in response to an attack (e.g. fixing exploited flaws and vulnerabilities, and upgrading technology to better monitor future threats), proper data management is critical to reducing the risks to…
Navigating multiple regulatory frameworks requires cross-border awareness and cooperation by numerous teams when a data breach occurs across international borders. In this particular session on International Regulatory Updates (Asia Pacific), our Partner Sonia Ong shares her views on recent and pending regulatory developments, and the future of international data protection laws in the region particularly across Southeast Asia. This webinar is part of the virtual program of the Santa Monica Cyber Risk Summit organized by…