On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies until at least October 2023. […]
Cybersecurity
CL0P Ransomware Gang’s Exploitation of MOVEit Vulnerability: What It Means for Companies
On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in Progress Software’s managed file transfer software (MOVEit Transfer), exploited by the CL0P ransomware group. CL0P publicly claimed responsibility for exploiting the […]
FCC Proposes to Change Data Breach Reporting Rules for Telecommunication Companies
On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on the issue of data breach reporting. The Notice, adopted on December 28, 2022, seeks to strengthen its rules with the […]
NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment
The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, revising the certification of compliance date (from February to April). The Proposed Second Amendment follows DFS’s “pre-proposed” draft […]
FTC Delays Effective Date of Certain Changes to the Safeguard Rule
On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain security requirements on non-banking financial institutions. The FTC amended the Rule in December 2021, and several provisions under the […]