On March 19, 2025, the White House released Executive Order (EO) 14239, Achieving Efficiency Through State and Local Preparedness, which calls for a comprehensive review of and changes to many long-standing federal...more
As we noted in Federal Cybersecurity Policy in 2025: What to Watch in Changing Times, key parts of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), the United States’ foundational cybersecurity information...more
Remote worker fraud is expected to continue to proliferate in 2025. Fully remote hiring and work, particularly in the technology sector, continues to pose unique business and legal risks for companies. Just in December 2024,...more
1/10/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
Foreign Nationals ,
Foreign Workers ,
Fraud ,
Fraud Prevention ,
Hiring & Firing ,
Identity Theft ,
Information Technology ,
Malware ,
North Korea ,
NYDFS ,
Popular ,
Remote Working ,
Risk Management ,
Social Media ,
Technology Sector
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
The cyber reporting landscape is rapidly shifting. Many agencies are developing rules, and a major player has been the U.S. Securities and Exchange Commission (SEC), with important questions arising about implementation of...more
12/14/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
National Security ,
Public Disclosure ,
Public Safety ,
Risk Management ,
Securities and Exchange Commission (SEC)
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
8/4/2023
/ Biden Administration ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
Disclosure Requirements ,
FCC ,
Federal Agency Taskforce ,
Oil & Gas ,
OIRA ,
Pipelines ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
TSA
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
8/2/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
What: Publicly traded companies may soon be subject to additional cybersecurity reporting requirements. On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules and amendments to enhance and standardize...more