November 1, 2024, marks the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”). It is also the date that a number of new requirements under Part 500 come into effect, including requirements surrounding governance, encryption, and incident response and business continuity planning. In…

On October 22, 2024, the U.S. Securities and Exchange Commission (the “SEC”) announced settled charges in separate actions against four technology companies—Avaya Holdings Corp. (“Avaya”), Check Point Software Technologies Ltd. (“Check Point”), Mimecast Limited (“Mimecast”), and Unisys Corp. (“Unisys”)—each of which was a downstream victim of the unprecedented 2020 cyber-attack in which threat actors believed to be state-sponsored hackers in…

When a company is hit by a cyber attack, normal business gives way to the chaos of managing the investigation, operational disruptions, legal issues, and communications with customers, employees, vendors, regulators, and more.  A tabletop exercise (“tabletop”) allows a team to practice responding to a cybersecurity incident without the pressures and uncertainty that are inevitable in an actual crisis.  Many…

On Thursday, October 31, Avi Gesser and Matt Kelly will speak at the 8th Annual Disruption and Innovation in the Delivery of Legal Services Conference 2024-25 as a part of the workshop on “How AI is Transforming the Law Firm Internally and Externally.” The speakers will address the current use of AI in law firms, discuss what new tools are…

On October 16, 2024, the New York Department of Financial Services (the “NYDFS”) issued an Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI (the “Guidance”) under the existing 23 NYCRR Part 500 (“Part 500” or “Cybersecurity Regulation”) framework. The Guidance applies to entities that are covered by Part 500 (i.e., entities with a license…