In what the New York Department of Financial Services (NYDFS) is touting as the first guidance by a U.S. regulator on cyber insurance, NYDFS announced on February 4, 2021, in Insurance Circular Letter No. 2 (2021), that it has issued a new Cyber Insurance Risk Framework (Framework) addressed to authorized property/casualty insurers that write cyber

The National Institutes of Science and Technology (NIST) continues to offer timely and relevant information for companies to consider when addressing cyber-risks in an ever-changing landscape.

 On February 2, 2021, NIST published an alert outlining tools it has developed to assist companies “to help defend against state-sponsored hackers.” According to its press release, nation-state

Cybersecurity firm SonicWall Inc. is investigating an attack on its internal systems that it describes as “highly sophisticated.” According to SonicWall, the investigation is centered around its Secure Mobile Access 100 series, which assists with end-to-end secure remote access.

The company said that a few thousand devices have been impacted and that it is trying

The fallout from the SolarWinds hacking incident linked to Russian threat actors has not only wreaked havoc on governmental agencies and private companies whose data are at risk following the incident, but this week, Bitsight and Kovrr released an analysis outlining the effect of the event on insurance losses that estimates the incident could cost

The U.S. Attorney’s Office for the District of Massachusetts is warning small businesses that received loans through the Paycheck Protection Program (PPP) of a dramatic increase in reports of business email-compromise schemes related to the program. Scammers are using information about PPP recipients posted by the Small Business Administration (SBA) to impersonate PPP lenders requesting

The Federal Trade Commission (FTC) is warning small businesses that they are being targeted by scammers through a new coronavirus-related scam. The scam “starts with an email that claims to come from the ‘Small Business Administration Office of Disaster Assistance.’ It says you’re eligible for a loan of up to $250,000 and asks for personal

Development and Operations (DevOps) teams are often pressured by executives and sales teams to get software products completed and out the door and into the market as quickly as possible so the products can generate income. Often, security is not the highest priority for DevOps, as adding security features may affect the performance of the

2020 will go down as one of the most stressful in my career as a cybersecurity professional. I have been working in this area of law full time since 2003. So that says a lot.

On top of the stress of the spread of the coronavirus, this has been a particularly stressful year assisting clients

Among many other things, 2020 has been the year of vendor security incidents and data breaches. More than ever, we have responded to incidents for clients that were caused not by the client, but by a third-party vendor.

When a vendor causes a security incident, it will commonly report the incident to you and then