On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and Exchange Commission (“SEC”) pursuant to Form 8-K Item 1.05.

In July, the SEC finalized a rule (the “Final Rule”), which comes

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) finalized the amendment to its cybersecurity regulation (the “Amendment”). The Amendment expands cybersecurity requirements across many areas—from governance to incident response to access controls.

The Amendment follows the three published drafts: two proposals published for formal notice and comment in November 2022 and

The Second Amendment to the New York Department of Financial Services’ (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “NYDFS Requirements”) is expected to be published in final form in the next two weeks. The Second Amendment will follow updated proposed amendments to the NYDFS Requirements published on June 28, 2023 (the “2023 Proposal”),1

Cybersecurity Awareness Month is a good time to highlight one trend in federal efforts to address cyber risk: proscriptive regulation of the information and communications technology and services (“ICTS”) supply chain.

Supply chain risk management is a broad field encompassing, among other things, federal efforts to improve software security, and proposals to revise the FAR

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received

The New York Department of Financial Services (NYDFS) has proposed revisions to its cybersecurity regulation for banks, insurance companies and other financial services companies. The proposal significantly expands requirements for covered entities, including new requirements for larger companies, expanded governance requirements, additional notice and compliance certification requirements and more.

In this one-hour webinar, members of

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published updated proposed amendments to its cybersecurity regulation (the “2023 Proposal”) applicable to “covered entities.”1 Covered entities are any person operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation or similar authorization under the New York Banking