The Cybersecurity Law Report recently published an article by Davis Polk titled Reducing Risk in the Dawn of Equifax and Other Cyber-Related Securities Fraud Class Actions.  The article analyzes the January 2019 decision in In re Equifax Securities Litigation and uses lessons from that case to examine strategies for
Continue Reading Reducing Risk in the Dawn of Equifax and Other Cyber-Related Securities Fraud Class Actions, by the Davis Polk Cyber Blog Team, published in The Cybersecurity Law Report

Companies that experience a cyber breach face several immediate and difficult challenges: quickly getting a handle on the scope of the breach, making sure that the intruder is out of their system, remediating any vulnerability, assessing what data was accessed (if any), deciding whether to reach out to law enforcement,
Continue Reading Cybersecurity Whistleblowers – Another Thing to Consider Following a Breach

Appleby, a multi-national law firm known for its tax planning services, is the latest law firm to suffer a major cyber breach in an event that has been dubbed the “Paradise Papers.”  This breach mirrors the Panama Papers leak from two years ago, which exposed millions of documents from the
Continue Reading Another Law Firm Suffers a Major Cyber Breach as Millions of Sensitive Client Documents Are Made Public in the “Paradise Papers”

The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.

Continue Reading NYDFS Cybersecurity Rules Inspires Insurance Data Security Draft Model Law

Earlier this month, HBO disclosed that it is the latest victim of cyber breach extortion, which involves criminals hacking into a company’s computer system, extracting sensitive information (e.g., emails of executives) or valuable intellectual property (e.g., unreleased television scripts or episodes), and then threatening to make the information public if
Continue Reading The HBO Hack: Preparing for a Cyber Breach Extortion

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers
Continue Reading The PetyaWrap Attack, Anthem Data Breach Settlement, and NYDFS Cyber Regulations All Highlight that Companies Should Review Their Access Controls