Board Governance & Cyber Risk Management

New York Passes Health Privacy Law – Your Questions Answered

March 5, 2025 By Daniel Felz, Jennifer Everett and Jennifer Pike

The New York State legislature passed the Health Information Privacy Act (“NYHIPA”) on January 22, 2025, marking the second state to introduce a comprehensive consumer health data law. If passed, the NYHIPA imposes more stringent obligations on organizations that handle “regulated health information. (“RHI”). You’ve got questions – we’ve got answers. How is “regulated health […]

Ransom Payments At A Historic Low According to Report

February 20, 2025 By Kim Peretti and Scott Hilsen

On February 4, 2025, Coveware, Inc. released its quarterly ransomware report for the fourth quarter of 2024, and identified that the percentage of victims paying ransoms fell to a historic low of 25%. While the average amount of a payment in Q4 2024 rose 16% quarter-over-quarter to $553,959, the median amount dropped a significant 45% […]

UK Government Proposes Targeted Ban on Ransom Payments and Increased Ransomware Incident Reporting

February 5, 2025 By Kelly Hagedorn and Kristen Bartolotta

On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three objectives in this regard and is open for responses until April 8, 2025. Proposal 1: Targeted Ban on Ransomware Payments The UK government is proposing […]

CISA Releases the AI Cybersecurity Collaboration Playbook to Strengthen AI-related Cybersecurity Information Sharing and Collaboration

February 3, 2025 By Seol Namgoong and Kim Peretti

On January 14, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released the AI Cybersecurity Collaboration Playbook (the “Playbook”) to provide guidance to organizations within the AI community (including AI providers, developers, and adopters) to voluntarily share AI-related cybersecurity information with CISA and its partners through the Joint Cyber Defense Collaborative (JCDC). To combat AI-related […]

Last Minute Biden Cybersecurity and Artificial Intelligence Executive Orders Survive Initial Trump Revocations

January 25, 2025 By Kim Peretti, Kate Hanniford, Daniel Felz, Alysa Austin and Andrew Rice

In the final week of the Biden Administration’s term in office, former President Biden issued two high profile executive orders that could have significant ramifications for the cybersecurity and technology industries. The first, issued on January 14, 2025, is an “Executive Order on Advancing United States Leadership in Artificial Intelligence Infrastructure” (the “AI Infrastructure Order”). […]