There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a proposal on cybersecurity risk governance, which “could address issues such as cyber hygiene and incident…
I. OVERVIEW The U.S. Food & Drug Administration (“FDA”) has increased its focus on mitigating cybersecurity risks in medical device software. On June 24, 2021, the FDA issued two documents that are important not only for entities that service or remanufacture medical devices (“servicers” and “remanufacturers,” respectively), but also original equipment…
The exponential rise in ransomware attacks in the past year has everyone on high alert, not least of which are regulators. Following on the heels of a June 2, 2021 White House memo addressing ransomware prevention, on June 30, 2021 the New York Department of Financial Services (“NYDFS”) issued new ransomware guidance of its…
In 2021, ransom and ransomware have been transformed from techno-speak to a topic on the tip of the tongue of every executive and business leader. High-profile attacks have disrupted American life as never before, but even ransomware events that don’t make the front page can be significant enough to cripple…
By this point, most businesses that regularly send and receive funds electronically have heard about the risk of wire fraud scams in which an intruder changes wiring instructions and diverts funds to its own account, insidiously crafted to look like the proper account. But detecting these scams before they come…
On May 12, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity. The order comes on the heels of a number of recent widely reported cybersecurity crises, including the Solar Winds and Microsoft Exchange compromises, that brought renewed attention to the glaring gaps in supply chain security. By wading into the issue of software…
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the GDPR. The decision signals European regulators’ growing scrutiny of how companies exercise discretion in incident response decisions….