Latest Posts
Search for:
Tag

Cybersecurity

Browsing
In Cybersecurity

New York Cybersecurity Amendments Raise Regulatory Bar

by , and 8 Mins Read

Effective Nov. 1, the New York State Department of Financial Services has strengthened cybersecurity requirements for financial services companies. All companies should take account of these amendments, as these NYDFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York’s Department of Financial Services finalized significant amendments to the cybersecurity requirements for financial services companies in Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the…

In Cybersecurity

Hacker attempts to use SEC rules to further exploit victims

by , , and 2 Mins Read

In a shocking show of gumption, a ransomware gang has reportedly not only hacked a US public company’s (MeridianLink) IT systems, but also filed a complaint on the SEC’s Tips, Complaints, and Referrals page, regarding Meridian Link’s claimed failure to disclose the incident in an 8-K in violation of the SEC’s new cybersecurity rules. Even though public companies are not yet required to comply with the new cybersecurity disclosure rules (8-K requirement goes effective on…

In Cybersecurity

New York State Sets the Bar for Cybersecurity Requirements

by , , , , , , and 8 Mins Read

Effective November 1, 2023, New York State Department of Financial Services (“DFS”) Strengthens Cybersecurity Requirements for Financial Services Companies. All companies should take account of these amendments, as these DFS regulations are increasingly referenced as key benchmarks for cybersecurity compliance programs. New York State’s Department of Financial Services (“DFS”) finalized significant amendments to 23 CRR-NY 500 NY-CRR, “Cybersecurity Requirements for Financial Services Companies” (“Part 500”). This follows two rounds of proposed amendments and public comment…

In Cybersecurity

CISOs, Internal Accounting Controls, Crown Jewels and Disclosure Procedures:  Peeling Back The Onion of the Solar Winds Enforcement Action

by , , , , , , and 12 Mins Read

In many ways, the Securities and Exchange Commission’s (“SEC”) October 30, 2023 enforcement action against software company SolarWinds Corporation (“SolarWinds”) and its chief information security officer (“CISO”) is a typical securities case. The first four counts involve alleged material misstatements by the public company related to widely reported operational turmoil that allegedly materially impacted the company. But aspects of the case may signal a change in how the SEC looks at cyber incidents, including internal…

In Artificial Intelligence

First Look at California Privacy Protection Agency’s Proposed Regulations on Risk Assessments

by , , and 3 Mins Read

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CPPA will discuss the draft regulations at the upcoming public meeting on September 8, 2023. The draft regulations make clear that the CPPA has not yet begun formal rulemaking, and that the draft regulations are “intended to facilitate…

In Cybersecurity

Podcast Episode: The SEC’s Final Cybersecurity Rules – A Look at Evolving Risks in the New Age

by and 1 Min Read

In this episode, Cynthia Cole, IP & Technology Partner based in Palo Alto, is joined by Jerome Tomas, Chair of the Firm’s Securities and Exchange (SEC) and Financial Institutions Enforcement Group based in Chicago, as the two discuss the SEC’s recently issued Final Rules for Cyber and what this means for public companies. Listen in to learn more about: Why should you care? The SEC has brought enforcement actions before based on data breach disclosure-what’s different…

In Cybersecurity

SEC Adopts Final Cybersecurity Rules

by , , , , , , , , , , , , , , , , , , , and 8 Mins Read

In brief On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) approved the final rules for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (“Final Rules”). As previously reported, the SEC first proposed amendments to its rules on disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies on March 9, 2022 (“Proposed Rules”). Similar to the Proposed Rules, the Final Rules, broadly speaking, require (i) issuers to make disclosures…

In Cybersecurity

Ransomware Attacks: Who You Gonna Call? – TechStrongTV CISO Talk Episode

by 1 Min Read

Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…

Load More