Cyber Security Resource Center
Cyber Security Resource Center
“Strong security should be a standard feature of virtually every technology product, and especially those that support the critical infrastructure that [people] rely on daily.”
– Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Agency
Today’s emerging digital environment is treacherous. Bad actors have proliferated and grown more sophisticated, becoming a persistent and evolving threat. Information technology continues to be integrated into all aspects of our society and IT networks have become more complex and reliant on the software and systems of third-party vendors, who themselves may experience incidents affecting customer data. Artificial intelligence (AI) and machine learning (ML) have presented themselves as important tools with the potential to enhance our world through their use in cyber-defense against increasingly sophisticated and malicious malware, ransomware, and social engineering attacks. However, AI and ML can be double-edged swords when used by hackers for advanced attacks, and other bad actors in the creation of deep fakes and bots, which are already rampantly spreading misinformation. As the metaverse comes more online, it too, will serve as a new area for exploitation. These vulnerabilities increase our risk and may lead to wide-scale or high-consequence cybersecurity events that could harm or disrupt services on which our global economy and peoples’ daily lives depend. In the Morrison Foerster/Ethisphere 2023 Global Crisis Benchmarking Report, many general counsel reported that “Cybersecurity remains top of mind for organizations, with 60% considering it as a top crisis risk.” For both public and private organizations, developing and implementing tailored cybersecurity plans and processes is key to protecting and maintaining operations.
We work with clients to help them be aware of critical cyber risks, prepare for incidents, and take steps to reduce the likelihood and impact of a potentially damaging compromise. We have served as lead counsel on some of the highest profile ransomware attacks and other cyber breaches of recent years, coordinating all response components, including responding to regulatory inquiries and investigations, defending clients in multi-jurisdiction litigation, engaging on public and customer relations issues, advising on contractual obligations and remedies, and working with forensic investigators, credit monitoring firms, and crisis communication professionals to provide an integrated, cost-effective, and seamless response to data security incidents.
In addition to data loss, these incidents raise significant business and legal risks, including damage to brand and reputation, disruption of business operations, and triggering of contractual and regulatory obligations. We have helped Fortune 500 companies and other leading organizations respond to dozens of significant ransomware incidents and have experience with wide-ranging ransomware variants including Akira, BlackCat/ALPHV, LockBit, Conti, Ryuk, REvil/Sodinokibi, WastedLocker, Maze, MegaCortex, Nephilim, SunCrypt, and Harma.
Morrison Foerster is uniquely positioned to provide insights into and counsel on all facets of cyberattack preparedness and response. Our market-leading global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.
During Cybersecurity Month 2023, Morrison Foerster’s renowned Privacy + Data Security Group wants to help you identify the risks and make sure you and your company are prepared for a potential major security breach or ransomware attack.
Join us in our #MoFoCyberAware media and thought leadership series and take advantage of the complimentary resources and tools we have gathered to help protect yourself online and reduce cybersecurity risks.
Join our webinar on the U.S. SEC’s recently-adopted rules governing cybersecurity risk management, strategy, governance, and incident reporting by public companies.
SEC Adopts Cybersecurity Disclosure Rules for Public Companies
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted amendments to its rules to require disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.
The Biden Administration’s National Cybersecurity Strategy Calls for a Shift Toward More Cybersecurity Regulation
The National Cybersecurity Strategy details the Biden administration’s efforts to bolster the nation’s cybersecurity amid an evolving threat landscape.
NIST Releases Revised Cybersecurity Controls and Requirements for Protection of Controlled Unclassified Information Resident in Contractor Information Technology Systems
NIST releases revised cybersecurity controls and requirements for protection of controlled unclassified information resident in contractor information technology systems.
No Injury, No Data Breach Claims? Recent Trends in Evaluating Standing in Data Breach Class Actions
A key contested issue in data breach class actions is whether plaintiffs can satisfy Article III’s injury-in-fact requirement. We discuss a few emerging trends below.
Comments to Proposed Changes to the Health Breach Notification Rule Due August 8, 2023
The NPRM further highlights the FTC’s proactive commitment to protecting consumers’ sensitive information, particularly health information.
Staying Ahead of Cryptocurrency Hacks and Legal Risks
Learn how crypto businesses can understand and stay ahead of security threats and legal risks facing the industry.
NYDFS Considering Significant Updates to Its Cybersecurity Rule
The New York Department of Financial Services recently released new draft amendments to its controversial cybersecurity rule that would include significant changes.
China PIPL: Data Export Regime Starts to Take Form
After more than nine months since the PIPL came into effect, three new regulatory developments will provide guidance on the administrative procedures and detailed rules to implement the cross border transfer rules.