Blog Posts Tagged With Incident Response

2018 SEC Cybersecurity Guidance on Board Oversight

On February 21, 2018, the Securities and Exchange Commission (“SEC”) issued a statement and interpretive guidance on issuers’ cybersecurity disclosures. For a general discussion of the guidance, see Davis Polk’s recent Client Memorandum. Although the guidance does not impose any new requirements on issuers, the SEC’s emphasis on Board oversight of cybersecurity gives new meaning to existing requirements.

The SEC notes that “[t]o the extent cybersecurity risks are material to a company’s business,” its …

Cybersecurity Law and Regulatory Predictions for 2018

The new year is fast approaching.  2017 has been a year of major cyber incidents, including the Equifax breach.  Cybersecurity will continue to be a top concern for companies in the new year.  Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.

Which hot topics/hype should be retired at the end of 2017?
The idea from 2017 that should be retired is that some new software innovation is …

One Million Dollar Breach Notification Fine for Indian Bank Shows Increased Efforts by Regulators to Force Information Sharing Following a Breach

The $1 million fine that was recently levied against Yes Bank shows the increasing risks of failing to provide timely breach notification.  On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations.  Yes Bank experienced a cyber breach around May 2016, but did not become aware of the incident until September 2016.  …

The HBO Hack: Preparing for a Cyber Breach Extortion

Earlier this month, HBO disclosed that it is the latest victim of cyber breach extortion, which involves criminals hacking into a company’s computer system, extracting sensitive information (e.g., emails of executives) or valuable intellectual property (e.g., unreleased television scripts or episodes), and then threatening to make the information public if a ransom is not paid, usually in Bitcoin.  In the HBO case, the hackers claim that this is their 17th target and that all …

Less than Half of Financial Firms Subject to NY DFS Expect to Meet the Deadline for Compliance

A new report from the Ponemon Institute indicates that less than half of the nearly 600 financial institutions surveyed expect to meet the February 2018 deadline for certification of compliance with all of the cybersecurity rules from NY DFS that are applicable to them. Of those, nearly one-quarter said there was “no chance” they would be able to do so. Notwithstanding these challenges, the DFS has indicated on the FAQ section of its website that …
