Breaches & Incident Response

On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of

On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements.1 These instructions will assist financial institutions in satisfying their obligations under the new requirements once compliance is required on May 1, 2022.

Continue reading.

On March 15, 2022, President Biden signed into law the Consolidated Appropriations Act, 2022, H.R. 2471. Division Y of this omnibus appropriations legislation—the Cyber Incident Reporting for Critical Infrastructure Act of 2022—will create significant new rules requiring US critical infrastructure entities to report cybersecurity incidents and ransom payments to the US government. This legislation marks

On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules to comprehensively regulate cybersecurity risk management, strategy, governance and incident reporting for public companies (“registrants”). The stated goals

The top legal ethics headlines of 2021 and cybersecurity concerns as we head into 2022. Bloomberg Industry Group legal reporter Melissa Heelan and Veronica Glick, partner in Mayer Brown’s Washington DC office and a member of the firm’s National Security and Cybersecurity & Data Privacy practices, are guests. Hosted by Joe Shortsleeve.

Continue reading.

On November 18, 2021, the Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”) and Federal Deposit Insurance Corporation (“FDIC,” collectively with the Federal Reserve and OCC, the “Federal Regulators”) finalized new cyber incident notification requirements for institutions that they regulate and their service providers (the

2020 and 2021 saw sophisticated, coordinated cyber attacks affect some of the largest companies in the world. In the wake of these attacks, the Biden Administration and federal regulators—as well as businesses within the financial sector—are highly focused on cybersecurity. With a rapidly changing landscape, financial services companies are working hard to prepare for cyber

Our Cyber Perspectives series presents broad-ranging discussions with those contending with cybersecurity threats from the front lines.

Please join Mayer Brown’s Marcus Christian in conversation with Burt Fealing, Executive Vice President, General Counsel, Compliance and Corporate Secretary at Southwire Company. Topics will include:

  • Key lessons for corporate leaders about cybersecurity readiness
  • Evolution in the role

This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). These enforcement actions highlight the SEC’s scrutiny of written documentation and disclosures following incidents. In this National Cybersecurity Awareness Month Legal Update, we discuss the SEC’s recent cyber enforcement actions, as

What are the key priorities for businesses as they face cyber threats to industrial systems, including in manufacturing, infrastructure and other critical contexts? This panel, featuring in-house leaders from prominent multinational businesses, will address the practical tools used to manage industrial cyber risk and associated legal risk, including:

  • Assessing industrial cyber risk
  • Ensuring effective internal