As outlined by the Securities and Exchange Commission (SEC) in its proposed changes to rules regarding disclosure of cybersecurity incidents, there has been a steady increase in cyberattacks, some of which have had devasting effects on businesses, consumers, and investors. The SEC proposal is premised on the belief that investors would benefit from more timely and consistent disclosure about material cybersecurity incidents and greater availability and comparability of disclosure by public companies.
Read more »Tag: incident response
-
SEC Proposes Rules to Increase Reporting About Cybersecurity Incidents Posted on: July 27, 2022 In: Data Privacy & Cybersecurity
-
UPDATE: Strengthening American Cybersecurity Act of 2022 Signed Into Law Posted on: March 28, 2022 In: Data Privacy & Cybersecurity
On March 15, 2022, the Strengthening American Cybersecurity Act, which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law by President Biden, thereby creating new reporting requirements for critical infrastructure entities. Under the Act, entities considered to be critical infrastructure must notify the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a covered cyber incident and within 24 hours of a ransomware payment.
Read more »
-
Standing Up the Strengthening American Cybersecurity Act of 2022 Posted on: March 16, 2022 In: Data Privacy & Cybersecurity
The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act on March 1, 2022. If signed into law, it would create an affirmative obligation for critical infrastructure entities across 16 federally designated critical infrastructure sectors, including energy and financial services, to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
Read more »
-
Banking Organizations & Bank Service Providers Subject to New Computer-Security Incident Notification Rule Posted on: November 24, 2021 In: Data Privacy & Cybersecurity
On November, 18, 2021, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency issued a joint final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers. The final rule's new definition narrows the focus to those incidents most likely to materially and adversely affect BOs, while still retaining general consistency with the NIST definition.
Read more »
-
You’ve Experienced a Ransomware Attack - Now What? 5 Practical Steps to Take In Response to a Ransomware Attack Posted on: March 11, 2021 In: Data Privacy & Cybersecurity
By now, most of you know that due to the COVID-19 pandemic and the shift to remote work, data security incidents increased both in number and severity in 2020 and show no signs of slowing down in 2021. What you may not know, however, is what to do when your business experiences a ransomware attack. This post details five steps your organization should take immediately to reduce the impact of the attack.
Read more »
-
Breach Notification Requirements Proposed for Banks Posted on: March 09, 2021 In: Data Privacy & Cybersecurity
On January 12, 2021, the Office of Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Company, and the Office of Thrift Supervision published a proposed rule that would substantially enhance banking organizations’ notification obligations in response to data security incidents. It would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”
Read more »
-
Top Five Cybersecurity Suggestions for 2021 Posted on: February 12, 2021 In: Data Privacy & Cybersecurity
As hard as it is to believe, we are already more than a month into 2021 – and our Data Privacy & Cybersecurity Team is well on its way to managing over 2,000 data security incidents this year. It serves as an important reminder that a few cybersecurity suggestions can have a big impact as we embrace the months to come. The following are our top five suggestions to enhance the security of your network, detect intruders more quickly, and reduce the scope and expense of data security events this year.
Read more »
-
Legislative Alert: Maryland Amends Data Breach Notification Law to Improve Incident Response Posted on: May 16, 2019 In: Data Privacy & Cybersecurity
On April 30, 2019, Maryland enacted an amendment to Maryland’s Personal Information Protection Act (Md. Code Ann. § 14-3504), which becomes effective on October 1, 2019. The amendment was introduced in response to a rise in consumer complaints about identity theft.
Read more »