On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks […]
Cyber Risk
FTC Updates Data Security Guidance for Businesses
In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal […]
President Trump Signs Long-Awaited Cyber Executive Order
On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”). The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk […]
Bank Regulators Issue Advanced Notice of Proposed Rulemaking on Cyber Risk Governance and Management Regulations
More regulators (apart from the FTC) are now taking note of cybersecurity issues in the financial services industry and are taking steps to protect the industry and its consumers. Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) issued its first enforcement action on data security against an online payment system. In June, the Federal […]
New York State Financial Services Regulator Issues Proposed Cybersecurity Regulations
On September 13, 2016, Governor Andrew Cuomo announced the issuance of proposed “first-in-the-nation” cybersecurity regulations for entities regulated by the New York Department of Financial Services (DFS), including jurisdictional banks, insurance companies, and other financial institutions. The proposed regulation will be subject to a 45-day comment period prior to being issued as a final rule. […]