Cybersecurity

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

May 6, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the […]

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

May 1, 2025 By Kim Peretti, Kate Hanniford, Scott Hilsen, Lance Taubin and Andrew Rice

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although the Second Amendment was originally adopted in November of 2023, NYDFS established a multi-year rollout of the Second Amendment’s requirements, […]

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

April 10, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively investigating and, in some instances, fining companies for personal data breaches caused by cybersecurity issues. It is therefore more important […]

UK Government Proposes Targeted Ban on Ransom Payments and Increased Ransomware Incident Reporting

February 5, 2025 By Kelly Hagedorn and Kristen Bartolotta

On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three objectives in this regard and is open for responses until April 8, 2025. Proposal 1: Targeted Ban on Ransomware Payments The UK government is proposing […]

Last Minute Biden Cybersecurity and Artificial Intelligence Executive Orders Survive Initial Trump Revocations

January 25, 2025 By Kim Peretti, Kate Hanniford, Daniel Felz, Alysa Austin and Andrew Rice

In the final week of the Biden Administration’s term in office, former President Biden issued two high profile executive orders that could have significant ramifications for the cybersecurity and technology industries. The first, issued on January 14, 2025, is an “Executive Order on Advancing United States Leadership in Artificial Intelligence Infrastructure” (the “AI Infrastructure Order”). […]