Cyber Risk

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

July 30, 2025 By Jennifer Everett, Kim Peretti and Carson Kuck

Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the internet. CVE-2025-49704 is a remote code execution (RCE) vulnerability, which allows an attacker to run malicious code on a target system. CVE-2025-49706 is […]

2025 State Cybersecurity Legislation Focuses on Financial Services

April 18, 2025 By Kim Peretti and Scott Hilsen

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

April 10, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively investigating and, in some instances, fining companies for personal data breaches caused by cybersecurity issues. It is therefore more important […]

UK Government Proposes Targeted Ban on Ransom Payments and Increased Ransomware Incident Reporting

February 5, 2025 By Kelly Hagedorn and Kristen Bartolotta

On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three objectives in this regard and is open for responses until April 8, 2025. Proposal 1: Targeted Ban on Ransomware Payments The UK government is proposing […]

Singapore Cybersecurity Agency Publishes Guidelines on Securing AI Systems

October 18, 2024 By Kristen Bartolotta

On October 15, 2024, the Cyber Security Agency of Singapore (“CSA”) published Guidelines on Securing AI Systems (the “Guidelines”) alongside a Companion Guide for Securing AI Systems (the “Companion Guide”), which is intended to serve as support for the Guidelines. In its announcement, the CSA states that while artificial intelligence (“AI”) offers significant benefits for […]