On April 29, 2026, the New York State Department of Financial Services (“DFS”) issued its first cybersecurity enforcement action of 2026—a Consent Order against Delta Dental Insurance Company and Delta Dental of New York, Inc. (the “Companies”) imposing a $2,250,000 civil monetary penalty for violations of the Part 500 Cybersecurity Regulation. The action is notable as the Department’s first—and to…

In some ways, the dominant mode of legal service delivery resembles the old VHS or DVD model, whereby everyone rented movies by walking or driving to their local video store. For most legal services, a client identifies a need, contacts outside counsel, and receives a tailored product in response to a discrete request. The model reflects the nature of most…

Debevoise & Plimpton’s Data Strategy & Security (DSS) team is pleased to contribute to the Legal 500 Country Comparative Guides: Data Protection & Cybersecurity with a new “Hot Topic” chapter examining key cyber trends and critical legal considerations for incident response. In this chapter, the team explores how the cyber threat landscape evolved through 2025 and what organizations should expect…

Cybersecurity incidents have become an ever-growing threat to companies as attacks become more sophisticated, particularly in the face of AI-enabled threat actors. When a cyberattack occurs, while the immediate focus is typically on containing the impact and restoring systems, it is equally as important for businesses subject to the EU/UK Market Abuse Regulation (“MAR”) to consider their disclosure obligations.  A…

On Thursday, June 4, 7:20 AM – 8:05 AM EDT (12:20 PM – 1:05 PM BST), Robert Maddox will speak at Incident Response Forum London 2026 on a panel titled “Cyber Threat Landscape: Preparation and Remediation.” To register for free, please click here and use the code DEBEVOISE404V Incident Response Forum London 2026 is positioned as the only conference of its…