On Jan. 17, 2025, EU Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) became applicable in the EU.
DORA focusses on risk management and resilience testing, with a strong focus on vendor risk management, incident management and reporting, and resilience testing of key systems.
DORA applies to financial institutions that are authorized
Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met
Cyber criminals constantly develop new ways to steal money from businesses. One common scam targeting law firms and corporate legal departments involves “imposters” pretending to be clients or other parties who are owed payment, then tricking the attorney into paying the imposters. This deception has led to a rise in lawsuits where parties are battling
GT Shareholder Jena M. Valdetero, co-chair of the firm’s U.S. Data Privacy and Cybersecurity Practice, will present the CLE webinar, “Maintaining Privilege in Data Breach Investigations: Best Practices and War Stories from Multimillion-dollar Breaches,” Dec. 19 at noon ET. This session will provide critical steps for protecting privilege during a data breach investigation
Fred Karlinsky, chair of Greenberg Traurig’s Insurance Regulatory and Transactions Practice, is the featured guest on episode 6 of ThriveDX’s Net Impact podcast hosted by Fred Menachem, which explores the crucial intersection of cybersecurity law and insurance regulation.
Fred discusses how businesses can protect themselves from growing cyber threats, the evolving role of
A U.S. district court dismissed all the SEC’s securities fraud and false filings claims against SolarWinds and its Chief Information Security Officer (CISO) Timothy Brown regarding the adequacy of cyberattack disclosures, finding that the SEC had impermissibly relied on “hindsight and speculation” to find those disclosures fraudulent. The court also dismissed the SEC’s claims that
On April 4, 2024, CISA published its long-awaited Notice of Proposed Rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). If passed in their current form, the Rules would create extensive reporting obligations for an estimated 316,244 covered entities across 16 critical infrastructure sectors.
As detailed in our July 2023 GT Alert, the Securities and Exchange Commission (SEC) now requires public companies to file a Form 8-K and disclose a material cybersecurity incident within four days of determining the incident’s materiality. Form 8-K Item 1.05(c) includes an exception to the four-day requirement: where disclosure poses a substantial risk
Greenberg Traurig Shareholders Jena M. Valdetero, Co-Chair of the U.S. Data Privacy & Cybersecurity Practice, and Reena Bajowala presented the Thomson Reuters West LegalEdcenter webinar, “Staying Ahead of the Bad Guys: Cybersecurity and Data Protection” Monday, July 31. News of an increasing number of cyberattacks has dominated headlines in recent years. This webinar
Greenberg Traurig Shareholder Jena M. Valdetero, Co-Chair of the U.S. Data Privacy and Cybersecurity Practice, will present the interactive webinar “Ransomware and Legal, Regulatory and Reputational Considerations: An interactive exercise” Thursday, March 23 from 11:00 am – 12:00 pm CST. This interactive program, co-hosted by the Federal Bar Association and myLawCLE, will