Cybersecurity – Page 2 – Debevoise Data Blog

Cybersecurity

NYDFS Part 500, One Year Later (Part One) – New Requirements Effective November 1, 2024

By: Avi Gesser, Erez Liebermann, Stephanie Thomas and Joshua A. Goland October 30, 2024

November 1, 2024, marks the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”).…

Cybersecurity

Making Tabletop Exercises Worth the Time and Resources

By: Luke Dembosky, Erez Liebermann, Stephanie Cipolla and Melyssa Eigen October 25, 2024

When a company is hit by a cyber attack, normal business gives way to the chaos of managing the investigation, operational disruptions, legal issues, and communications with customers, employees, vendors,…

Artificial Intelligence

Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Johanna Skrzypczyk, Marshal Bozzo, Mengyi Xu and Ned Terrace October 20, 2024

On October 16, 2024, the New York Department of Financial Services (the “NYDFS”) issued an Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI (the…

Cybersecurity

HUD Proposes to Narrow its Cyber Incident Notification Requirement

By: Avi Gesser, Erez Liebermann, Anna Moody, Stephanie Thomas and Karen Joo October 10, 2024

Earlier this year, the U.S. Department of Housing and Urban Development (“HUD”) released an unannounced and immediately effective Cyber Incident Reporting Requirement (the “Original Requirements”) in Mortgagee Letter 2024-10, which…

Cybersecurity

ICO Dawn Raids: How to respond and what you can do to prepare – An FAQ

By: Robert Maddox and Aisling Cowell September 25, 2024

In the UK, unannounced inspections of businesses’ premises, or “dawn raids”, are most often associated with authorities such as the Serious Fraud Office, National Crime Agency, Competition and Markets Authority…

Cybersecurity

Erez Liebermann to speak at the Director-Executive Summit

By: Erez Liebermann September 12, 2024

On November 14-15, 2024, the University of Texas School of Law and McCombs School of Business will host a groundbreaking event limited to public company directors and C-suite executives —…

Cybersecurity

The EU’s Draft NIS2 Regulations: Appropriate ICT Security Measures and Serious Incident Reporting

By: Robert Maddox and Martha Hirst August 12, 2024

The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the…

Automated Decision Making

European Data Protection Roundup – June 2024

By: Robert Maddox, Friedrich Popp, Fanny Gauthier, Sophie Michalski, Léa Lascoux, Deniz Tanyolac and Samuel Thomson July 30, 2024

Our top five European data protection developments from June are: Non-material damage under GDPR: The CJEU clarified the scope of compensation for non-material damage in the context of identity theft…

Cybersecurity

Internal Accounting Controls Claim Rejected in SolarWinds Case

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Paul Rodel, Matt Kelly, Anna Moody, Alice Gu and Talia Lorch July 23, 2024

On July 18, 2024, in the landmark SEC v. SolarWinds Corp. case, U.S. District Judge Paul Engelmayer dismissed the majority of the claims brought by the U.S. Securities and Exchange Commission (the…

Artificial Intelligence

Treasury’s Report on AI (Part 2) – Managing AI-Specific Cybersecurity Risks in the Financial Sector

By: Avi Gesser, Erez Liebermann, Matt Kelly, Jackie Dorward, Kyungjin Kim and Joshua A. Goland July 2, 2024

This is the second post in our two-part Debevoise Data Blog series covering the U.S. Treasury Department’s report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). In…