Overview On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology.” The document highlights priority actions that owners and operators of Operational Technology (OT) systems may wish to consider in light of persistent and evolving cyber threats targeting critical … [Read more] about CISA Issues Enhanced Guidance to Mitigate Cyber Threats to Operational Technology Systems
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology … [Read more] about CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to … [Read more] about UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident
DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program. … [Read more] about DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program
Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although … [Read more] about Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today