Cyber Security Resource Center
Cyber Security Resource Center
“Strong security should be a standard feature of virtually every technology product, and especially those that support the critical infrastructure that [people] rely on daily.”
– Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Agency
Today’s emerging digital environment is treacherous. Bad actors have proliferated and grown more sophisticated, becoming a persistent and evolving threat. Information technology continues to be integrated into all aspects of our society and IT networks have become more complex and reliant on the software and systems of third-party vendors, who themselves may experience incidents affecting customer data. Artificial intelligence (AI) and machine learning (ML) have presented themselves as important tools with the potential to enhance our world through their use in cyber-defense against increasingly sophisticated and malicious malware, ransomware, and social engineering attacks. However, AI and ML can be double-edged swords when used by hackers for advanced attacks, and other bad actors in the creation of deep fakes and bots, which are already rampantly spreading misinformation. As the metaverse comes more online, it too, will serve as a new area for exploitation. These vulnerabilities increase our risk and may lead to wide-scale or high-consequence cybersecurity events that could harm or disrupt services on which our global economy and peoples’ daily lives depend. In the Morrison Foerster/Ethisphere 2023 Global Crisis Benchmarking Report, many general counsel reported that “Cybersecurity remains top of mind for organizations, with 60% considering it as a top crisis risk.” For both public and private organizations, developing and implementing tailored cybersecurity plans and processes is key to protecting and maintaining operations.
We work with clients to help them be aware of critical cyber risks, prepare for incidents, and take steps to reduce the likelihood and impact of a potentially damaging compromise. We have served as lead counsel on some of the highest profile ransomware attacks and other cyber breaches of recent years, coordinating all response components, including responding to regulatory inquiries and investigations, defending clients in multi-jurisdiction litigation, engaging on public and customer relations issues, advising on contractual obligations and remedies, and working with forensic investigators, credit monitoring firms, and crisis communication professionals to provide an integrated, cost-effective, and seamless response to data security incidents.
In addition to data loss, these incidents raise significant business and legal risks, including damage to brand and reputation, disruption of business operations, and triggering of contractual and regulatory obligations. We have helped Fortune 500 companies and other leading organizations respond to dozens of significant ransomware incidents and have experience with wide-ranging ransomware variants including Akira, BlackCat/ALPHV, LockBit, Conti, Ryuk, REvil/Sodinokibi, WastedLocker, Maze, MegaCortex, Nephilim, SunCrypt, and Harma.
Morrison Foerster is uniquely positioned to provide insights into and counsel on all facets of cyberattack preparedness and response. Our market-leading global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.
Five Things to Know About the EU Cybersecurity Framework
Alex van der Wolk discusses how the EU has been bolstering its stance on cybersecurity through the implementation of various regulations.
The Actual and Possible Impact of N.Y. State Department of Financial Services Amendments to Its Cybersecurity Regulation
The Amended Regulation raises the benchmark for cybersecurity regulations and provides a model for other regulators to adopt.
A New Frontier for SEC Cybersecurity Enforcement? The SEC Charges SolarWinds and its CISO with Securities Fraud
The SEC accused SolarWinds Corporation and its CISO of committing scienter-based securities fraud, among other violations, for allegedly misleading investors about the Company’s cybersecurity practices and risks.
Cybersecurity Regulations State of Play: EU vs China
This webinar discusses cybersecurity initiatives underway in the EU and assesses how they match up to what China’s cybersecurity laws have been developing into over the last few years.
Preparing for the SEC Cyber Security Disclosure Rules
Is your organization truly ready to meet the SEC’s new cybersecurity disclosure and reporting requirements? Miriam Wugmeister discusses the SEC’s new cybersecurity disclosure and reporting requirements.
An Unprecedented Cross-Border Data Regulatory Regime: The Biden Administration Announces New Program to Shield Sensitive U.S. Data
While in its infancy, the regulatory regime will be unprecedented and will impact any entity operating in the United States that collects or sells data within the program’s ambit. Read our analysis.
Getting it Across - Quick Cybersecurity Tips
Watch our cybersecurity crossword video series to see if you can complete the mini crossword before we do and get quick tips on protecting your data.
CISA’s Very Broad Proposed Rule for “Critical Infrastructure” Entities to Report Cyber Incidents
Next year, a lot more companies, including many that have not considered themselves to be critical infrastructure, may be required to report cyber incidents to the U.S. government.
China PIPL: Data Export Regime Starts to Take Form
After more than nine months since the PIPL came into effect, three new regulatory developments will provide guidance on the administrative procedures and detailed rules to implement the cross border transfer rules.