Cybersecurity Law Business Prep | News & Insights
Cybersecurity and the Law

Business Preparedness

  • The Brexit Blindspot: Nuclear Retransfers
    January 15, 2019

    The UK is scheduled to leave the European Union on March 29, 2019. While the United States and UK governments have taken significant steps to ensure that contracts related to nuclear power stations and the nuclear fuel cycle are not interrupted, little public attention has been paid to the potential delay in commerce caused by the UK no longer being a member of the European Atomic Energy Community (EURATOM). This is particularly important because the U.S. Government will now need to provide its consent for retransfers of certain nuclear materials and components from the EURATOM countries to the UK, after the UK withdraws from EURATOM. While the U.S.-EURATOM Agreement for Cooperation provides a mechanism for the United States to provide its advance consent for these retransfers to the UK, the process itself could likely take at least several months and perhaps a year or more, as explained below. This article provides what we believe will be the potential impediments to commerce. However, the precise manner in which U.S. retransfer consent rights affect nuclear commerce with the UK will vary depending upon the specific circumstances of each proposed retransfer.

  • What’s Good for the Goose: Protecting against Vendor Cybersecurity Risk
    January 8, 2019

    Even when you’ve done your utmost to secure your organization’s cybersecurity—you’ve followed the advice of all the experts, you’ve checked all the boxes—you still may have an Achilles’ heel. Your cybersecurity is only as strong as its weakest point, which is often a vendor or supplier. In this context, a vendor could be anything from a cloud service provider, data processor, or IT engineer to an HR consultant, accounting firm, or health care benefits manager, while a supplier could be a key provider of manufacturing components or raw materials.

  • California Enacts Mini-GDPR Effective January 1, 2020
    July 3, 2018

    Covered businesses will need to update policies and procedures for responding to customer inquiries about collection, use, sale and disclosure of customers’ personal information or face stiff enforcement actions.

  • New Proposed DoD Cyber Guidance May Fuel Bid Protest Docket
    May 16, 2018

    Newly published draft DoD Guidance for Reviewing System Security Plans (SSP) and the “NIST SP 800-171 Security Requirements Not Yet Implemented” answer some questions but may also result in an increased protest docket due to ambiguous evaluation criteria.

  • The Future of WHOIS Searches Under the EU General Data Protection Regulation (GDPR)
    April 20, 2018

    Privacy laws occasionally conflict with the work of security professionals and law enforcement agencies. The most recent example of this comes in the form of the potential General Data Protection Regulation (GDPR) impacting the ICANN WHOIS Database. The debate is essentially over whether ICANN should continue to publish the name and contact details of domain registrants in the WHOIS database, or prioritize the privacy rights of the registrant under GDPR over security concerns and impact the work of researchers and organizations that rely upon this database.

  • Cybersecurity Partner Brian Finch Sees Link between SAFETY Act and Liability Protections for Software Makers
    March 28, 2018

    Cybersecurity, Data Protection & Privacy partner Brian Finch believes there might be a link between that idea and ongoing efforts by lawmakers to adjust the language of the SAFETY Act so that it is clear that it applies to cyber products. 

  • Atlanta Ransomware Attack Highlights Cyber Risks in Public Sector, Says Finch
    March 27, 2018

    Last week’s ransomware attack on the city of Atlanta underscores the cyber risks faced by the public sector and the need for government entities to match cyber defense measures increasingly adopted by the private sector as attacks have become more frequent and more sophisticated. Law360 reports that several of Atlanta’s municipal departments were affected by an outage resulting from a ransomware attack that encrypted some of the city’s data, including information from internal and external customer-facing applications.

  • Would You Like Malware with Your Grumpy Cat Meme?
    March 21, 2018

    Social media companies like Facebook and Twitter have written “white papers” and devoted considerable resources to projects intended to create services that encourage trust and a sense of familiarity on the part of users. Messages, photos and personal information are easily shared with groups of friends and co-workers, or in response to solicitations tailored to a user’s trusted brands, thus creating an environment of perceived safety and intimacy among users.

  • SEC Guidance Affirms Need for Board Oversight of Cybersecurity Risks
    Feb. 28, 2018

    In a prior client alert, we stated that “In light of evolving rules and jurisprudence concerning public companies’ duties around a data breach or other cyber incident, the board should work with professional service providers, such as its counsel, to perform a thorough review of the company’s cybersecurity policies, processes, vulnerabilities and protections.”

  • Wall Street Journal Op-Ed: Safety From Hackers—and Trial Lawyers
    Feb. 25, 2018

    A simple legislative fix would shield cybersecurity innovators from costly nuisance lawsuits.

  • No Signs of ‘Over-Phishing’ Yet: Tracking One of the Most Prevalent Initial Attack Vectors
    Feb. 8, 2018 | FireEye

    The U.S. Defense Department recently acknowledged that it receives 36 million emails every day containing some form of malware. This is an astonishing, but not altogether surprising figure. After all, the cost of launching cyber attacks via weaponized email is essentially negligible, and all types of malware, phishing kits and phishing-as-a-service offerings are available on the “dark web” for anyone who wants to use them. The only real question with that 36 million figure is: How fast will it grow, and will private companies soon see a similar volume of attacks?

  • DPO as a Service – Outsourcing the Role of Data Protection Officer
    Dec. 12, 2017

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (a.k.a. the General Data Protection Regulation or GDPR) will, as most business people are probably aware of by now, come into force across the EU on 25 May 2018.

  • What Corporate Directors Need to Know about Cybersecurity
    Nov. 14, 2017

    In the wake of cyberattacks adversely affecting publicly traded companies, plaintiffs’ attorneys specializing in shareholder lawsuits increasingly are seeking to hold corporate boards responsible.

  • Cybersecurity in the Health Care Industry
    Nov. 6, 2017

    An infographic providing statistics for cybersecurity in the health care industry. 

  • Cybersecurity in the Health Care Sector
    Sept. 28, 2017

    We live in an increasingly connected world -- one that offers a wealth of convenience, but also is susceptible to dangerous and reputation-threatening cyberattacks. These malicious acts disrupt critical business operations, impact bottom line and have the potential to affect the lives of millions of patients.

  • Cyber Criminals Win Playing the Insider Game
    Sept. 19, 2017

    Insider stock trading is commonly associated with employees at an organization who have access to privileged information. In recent years, that privileged information has entered the crosshairs of cyber criminals seeking to gain a competitive edge in stock trading.

  • The Best Defense Is a Good Offense: Any Cyber Defense Strategy Must Include Cyber Insurance
    Aug. 10, 2017

    Every single industry or business in this day and age has either been the victim of a cyber attack or is concerned they will be next. A few examples from the last couple of months show how widespread the problem is.

  • Don’t Rock the Vote: Helping State and Local Governments Fend Off Cyber Attacks
    March 21, 2017

    Voting in local, state and national elections could be viewed as a rudimentary form of social media, by which voters share their views and preferences via selection of a candidate or party platform. The distance between this “old school” social media and its multi-headed modern form has shrunk thanks to the advent of electronic voting machines and online voting. But, as always, with the implementation of new technologies comes new risks.

  • The Cyber Crystal Ball—Is There Insurance Coverage for the Top Threats of 2017? (Part II)
    March 16, 2017

    In part 1, we started answering the question whether specialty cyber policies are likely to respond to two of the top five cyber threats for 2017 identified by Experian Data Breach Resolution in its industry forecast. In part 2, we examine the remaining three.

  • The Cyber Crystal Ball—Is There Insurance Coverage for the Top Threats of 2017? (Part I)
    March 14, 2017

    Cyber sages tell us the question is not whether your business will suffer a data breach, but when. To prepare for the inevitable, businesses want to know what is the next threat on the horizon. Part 1

  • Does Your Computer Fraud Policy Cover the Hacking of the Human Mind?
    Oct. 31, 2016

    Even as companies continue to strengthen and refine their network security systems against cybercrime, the human brain can remain a weak link for criminals to exploit. Unfortunately for some policyholders, this time-honored tactic of targeting the human element involved with a technology may actually fall right into a gap in companies’ insurance coverage.

  • Think Globally: Insurance Analysis for Multinational Companies
    Oct. 26, 2016

    Certain insurance coverages are not purchased or pursued by multinational companies transacting business in the United States because there are nuanced differences between international and U.S. insurance programs and law. These companies, often with global offices, will be best served by having counsel experienced in such nuances conduct a diagnostic review of their insurance policies to identify potential coverage gaps and allow the company to plan ahead and negotiate more favorable coverage terms before a loss arises.

  • Location Disservices? Protecting against the Inherent Cybersecurity Risks of Geotagging
    Oct. 11, 2016

    Law-enforcement officials have long warned users against disclosing travel plans on social media to would-be thieves by, for example, posting pictures of a boarding pass from that long-awaited trip to Barcelona. But what about apps and services like Find My Friends, where users can share their location with up to 50 friends, or Snapchat, which shows a user’s location when posting an image or video?

  • Are Your Social Media Fans Cybersecurity Savvy?
    Sept. 21, 2016

    The immense popularity of social media sites can draw unwanted attention to its users. Just as businesses are drawn to popular social media sites to market their brands and products, so, too, are potential cybercriminals interested in targeting those who engage with these sites.

  • How Older Cybersecurity Lapses Can Give Birth to Future Data Breaches
    Aug. 31, 2016

    It’s worth remembering that, in the world of password data sets, even those breaches unconnected in terms of industry, actor, intent or success often become part of a larger constellation of information that allows hackers everywhere to launch more effective attacks in the future.

  • Phishing for Insurance Coverage
    Aug. 22, 2016

    Phishing is a criminal hacker’s favorite sport, and for good reason. It’s a tried and true way to land the big one, over and over again. Whether using a spoofed bank website and stolen email addresses to trick customers into divulging account information, sending email messages purporting to be from a senior company official to deceive employees into providing personal health records, or posing as a trusted vendor and transmitting wire transfer instructions to fraudulently divert funds, hackers are reeling in the catch and making it look easy.

  • Yes, Virginia, There Is Coverage for Cyber Loss under Commercial General Liability Policies
    April 14, 2016

    Just as the famous 1897 New York Sun editorial playfully reassured the skeptical eight-year-old Virginia, so too a recent Fourth Circuit decision should reassure policyholders in Virginia (and nationwide). Despite insurers’ skepticism, general liability insurance may in fact cover cyber events.

  • Don’t Wait Until It’s Too Late: 10 Tips for Negotiating Your Cyber Insurance Policy (Part 2 of 2)
    April 1, 2016

    This post is a continuation of our top ten recommendations for negotiating your cyber insurance policy.

  • Don’t Wait Until It’s Too Late: 10 Tips for Negotiating Your Cyber Insurance Policy (Part 1 of 2)
    Mar. 25, 2016

    Because cyber policies are far from uniform, it’s crucial to understand not only what you’re being offered, but also how to negotiate coverage for the risks inherent in your business. This post contains the first five of our top ten recommendations.

  • Government Contractors Prepare for Cyber-Warfare
    Feb. 2, 2016

    As the government invigorates its own cybersecurity, contractors are and will be subject to parallel requirements. All federal contractors need a cybersecurity strategy that aligns with their business strategy with the federal government that will make them more competitive as requirements are invigorated through ongoing federal regulatory changes.

  • Cyber Crimes Target Hedge Funds
    June 16, 2015

    Recently, the government identified hedge funds as a “weak link in the U.S. financial system’s defense against hackers and terrorists.” Threats go way beyond simple theft of client information — Can you fend off a big heist?

  • CIOs Spur Revenue Generation Through Smart Cybersecurity
    Sept. 16, 2014

    Today as companies increasingly realize the value of strong cybersecurity, those CIOs who successfully implement an effective cybersecurity system should be viewed as a critical part of the revenue generation effort. An effective CIO who maintains a robust cyber risk management program will not only help ensure efficient operations, but will also play a role in crossing cybersecurity thresholds established by customers that would otherwise serve as a barrier to entry.

  • Cyber Security and Investing: Steps to Help Avoid a Digital Disaster
    Aug. 5, 2014

    Ignorance of some key legal and policy considerations could lead to an improper assessment of the value/future earnings potential of technology investments. These considerations are true regardless of whether or not the technology or service has a core “security” component.

  • Are You Immune To A Cyber-Attack Or Data Breach?
    Mar. 9, 2014

    Not surprisingly, after the cyber-attacks that occurred at a couple (or perhaps few) large retailers over the holidays there has been much discussion about the need to ramp up efforts to protect against such attacks. A Guide entitled Cybersecurity in the Golden State that was recently issued by California Attorney General Kamala D. Harris offers practical steps to minimize cyber-attack and data breach vulnerabilities.