Cybersecurity Insights

Keep up with the latest cybersecurity trends and observations by reading our Data, Cyber + Privacy team’s news coverage, including:

Infographics

• World Password Day Quiz (1 May 2025)

Client Alerts

• Data Privacy and Cybersecurity: Are You Prepared for the Challenges? (06 Nov 2025)
• Can Cyber Threat Intelligence Sharing Continue After CISA 2015’s Lapse? (30 Oct 2025)
• NIH Follows in FDA’s Footsteps and Adopts “Bulk Sensitive Data” Policy That Goes Beyond DOJ Rule Requirements (28 Oct 2025)
• CCPA Regulations on Cybersecurity, Risk Assessments, and ADMT: Across the Finish Line (07 Oct 2025)

• Can Cyber Threat Intelligence Sharing Continue After CISA 2015’s Lapse? (03 Oct 2025)
• Communicating with the SEC When Your Organization Suffers a Cybersecurity Incident (01 Oct 2025)
• Key Takeaways from the White House Crypto Report (06 Aug 2025)
• FTC Looks to Leverage PADFAA Enforcement to Help Limit Exposure of Consumer Data (22 Jul 2025)
• Data Privacy at the Crossroads of AI & Life Sciences: US & EU Perspectives (15 Jul 2025)
• NIS 2: Strengthening Europe’s Cyber Defenses (08 Jul 2025)

• Trump Issues Executive Order on Cybersecurity Rolling Back Some Prior Policies and Introducing New Ones (12 Jun 2025)

• Answering Key Questions About 2 EU Cybersecurity Laws (10 Jun 2025)

• China’s New CBDT Regime: One Year On (09 Jun 2025)

• A MoFo Privacy Minute: Managing Cybersecurity Concerns When Fine-Tuning LLMs (22 Apr 2025)

• DOJ Bulk Sensitive Data Regulations Update: New Compliance Guidance and Temporary Non-Enforcement Policy for Companies Working in Good Faith to Achieve Compliance (15 Apr 2025)

• Navigating New Security Requirements under DOJ’s Bulk Data Regulations: Is NIST Compliance Enough? (19 Feb 2025)

• An Unprecedented Cross-Border Data Regulatory Regime Version 3.0: Department of Justice Issues Final Rule Regulating Bulk Sensitive Data Transfers (07 Jan 2025)
• EU Cyber Resilience Act Raises the Cybersecurity Bar for Digital Products (21 Nov 2024)
• What to Expect from the SEC During a Second Trump Administration? (14 Nov 2024)

• Communicating with the SEC When Your Organization Suffers a Cybersecurity Incident (29 Oct 2024)

• DORA Decoded: Understanding Cybersecurity for the Financial Services Sector (25 Oct 2024)
• The SEC’s Risk Disclosure and Controls Claims Against SolarWinds Fall to the Cutting Room Floor (23 Jul 2024)

• Proposed Regulation on Controlled Unclassified Information Standardizes Process for CUI Identification and Handling Across Federal Agencies (23 Jan 2025)
• Biden’s Final Cybersecurity Order Proposes Significant Changes, All to Be Implemented by the Incoming Administration (21 Jan 2025)
• Cyber Risk of State Auditors Demanding Full SSNs in Assessing Unemployment Insurance Claims (03 July 2024)

• U.S. SEC Issues Updated Guidance on Cybersecurity Disclosure Under Item 1.05 of Form 8-K (25 June 2024)
• The SEC’s Controls-Based Approach to Cybersecurity Enforcement Continues, with an Accounting Twist (25 June 2024)
• A $10 Million Civil Penalty for Delayed Reporting of a De Minimis Cyber Incident: The SEC’s Cyber Enforcement Marches on (28 May 2024)
• EU Cyber Resilience Act Raises the Cybersecurity Bar for Digital Products (23 May 2024)
• CISA’s Very Broad Proposed Rule for “Critical Infrastructure” Entities to Report Cyber Incidents (02 April 2024)
• MoFo’s State + Local Government Enforcement Newsletter (08 Jan 2024)

• The Actual and Possible Impact of New York State Department of Financial Services Amendments to Its Cybersecurity Regulation (07 Dec 2023)
• Keeping Pace with Changes to the CPPA’s Draft Regulations on Cybersecurity Audits, Risk Assessments, and Automated Decision-Making Technology (05 Dec 2023)
• A New Frontier for SEC Cybersecurity Enforcement? The SEC Charges SolarWinds and its CISO with Securities Fraud (03 Nov 2023)
• Litigation Readiness: Seven Things to Keep in Mind (25 Oct 2023)
• Six Considerations to Preserve Privilege (10 Oct 2023)
• SEC Adopts Cybersecurity Disclosure Rules for Public Companies (28 Jul 2023)
• Comments to Proposed Changes to the Health Breach Notification Rule Due August 8, 2023 (07 Jul 2023)
• SEC Delays Finalized Cyber Rules Until October 2023 (20 Jun 2023)
• NIST Releases Revised Cybersecurity Controls and Requirements for Protection of Controlled Unclassified Information Resident in Contractor Information Technology Systems (15 May 2023)
• Federal Government Provides Further Guidance and Draft Attestation Form for Software It Acquires (02 May 2023)
• The SEC Expands Focus on Cybersecurity Risk to Include Registered Advisers, Broker‑Dealers, and other Market Participants (14 Apr 2023)
• No Injury, No Data Breach Claims? Recent Trends in Evaluating Standing in Data Breach Class Actions (05 Apr 2023)
• The Biden Administration’s National Cybersecurity Strategy Calls for a Shift Toward More Cybersecurity Regulation (06 Mar 2023)

• The Benefits and Risks of Notifying Law Enforcement (09 Feb 2023)
• What Should Boards Think About After a Breach? (27 Jan 2023)

• Morrison Foerster’s Economy & Markets Research Report (13 Dec 2022)
• Privacy + Data Security Predictions for 2023 (07 Dec 2022)
• Communicating with the SEC When Your Organization Suffers a Cybersecurity Incident (02 Nov 2022)
• Cybersecurity Expectations Intensify for Medical Device Cos. (25 Oct 2022)
• Staying Ahead of Cryptocurrency Hacks and Legal Risks (12 Sep 2022)
• NYDFS Considering Significant Updates to Its Cybersecurity Rule (30 Aug 2022)
• China PIPL: Data Export Regime Starts to Take Form (19 Jul 2022)
• Ransomware and the Healthcare Industry (01 Jun 2022)
• NIS 2: A Sequel Worth Watching (31 May 2022)
• Justice Department Revises Cyber Crime Charging Policy to Shield Good-Faith Security Research (25 May 2022)
• Data Breach Litigation Review and Update (22 Apr 2022)
• U.S. Congress Passes Cyber Incident and Ransom Payment Reporting Requirement (March 11, 2022)
• SEC Proposes Cybersecurity Disclosure Rules for Public Companies (11 Mar 2022)
• Private Sector Directed to Be on Alert for Potential Russian Cyber Attacks (28 Feb 2022)
• Addressing Ransomware in Healthcare (19 Feb 2022)
• SEC Proposed Rule Delineates Cybersecurity Policy Requirements for Investment Advisers and Private Funds (15 Feb 2022)
• A MoFo Privacy Minute Q&A: How to Defend, Detect, Prevent, and Respond to Credential Stuffing (02 Feb 2022)
• Understanding Your Exposure When Buying, Selling, or Investing Into Data Businesses (28 Jan 2022)
• Providers of IoT Devices Have 2.5 Years to Implement Stricter Security and Privacy Requirements to Keep Access to the EU Market (26 Jan 2022)
• Top Cybersecurity Considerations for Government Contractors in 2022 (11 Jan 2022)

News

• A Changing Cyber Security Landscape (20 Jun 2025)
• Miriam Wugmeister named one of Cybersecurity Docket’s “Incident Response 50” for 2025 (23 Apr 2025)
• US DOJ continues to treat cyber negligence as contract fraud, data breach or not (18 Apr 2025)
• How Might the US DOJ’s US Sensitive Personal Data Proposed Rule Impact Employers? (26 Nov 2024)
• Eight MoFo Partners Named Among Lawdragon’s Leading Global Cyber Lawyers (29 Apr 2024)
• Paul McKenzie Named as One of China’s Top 15 Cybersecurity & Data Protection Lawyers by Asian Legal Business 2024 (23 Apr 2024)
• Leading Privacy and Data Security Group Led by Partners Boris Segalis and Kaylee Cox Bankston Join Morrison Foerster (27 Mar 2024)

• If You Prepare, a Data Security Incident Will Not Cause an Existential Crisis (09 Jan 2024)
• Boards Must Be Wise to the Risks of Text Messaging (16 Oct 2023)
• U.S. Securities and Exchange Commission Adopts Cybersecurity Disclosure Rules for Public Companies
• Expert Q&A on Aligning Cybersecurity and ESG Strategies (26 Sep 2023)
• Here’s what to know about the SEC’s new cybersecurity disclosure requirements (21 Sep 2023)
• How to Ensure Effective Threat Intelligence (07 Sep 2023)
• Genesis Market Seizure a Warning That Cybercrime is No Longer Anonymous (18 Apr 2023)
• Cyberinsurance Backstop: Can the Industry Survive Without One? (18 Apr 2023)
• Cybersecurity Predictions for 2023 (06 Jan 2023)
• As Cybersecurity Threats Increase, Lawyers Have Practical Advice for Clients (27 Dec 2022)
• New Scrutiny for Apps and Data Brokers (13 Oct 2022)
• Cybersecurity Is a Male-Dominated Field, but Cybersecurity Law Doesn’t Have to Be (18 Jul 2022)
• Feds Aim For More Insight On Hacks With Maze of Policies (12 Aug 2022)
• CAC Issues Measures on Data Export Security Assessments (01 Aug 2022)
• “It’s Coming”: President Biden Warns of “Evolving” Russian Cyber Threat to U.S. (21 Mar 2022)
• The Cybersecurity 202 (11 Mar 2022)
• Gensler Says SEC to Consider New Rules for Cybersecurity, Data Privacy Disclosures (25 Jan 2022)
• Cybersecurity & Privacy Policy to Watch in 2022 (05 Jan 2022)

Events

• Webinar: AI + Privacy in Motion: The Compliance Roadmap for Connected Vehicles (12 Nov 2025)
• Webinar: CTRL+ALT+DEFEND: Insights on Emerging Threats and Best Practices for Cyber Risk Mitigation (29 Oct 2025)
• Webinar: North Korean IT Workers: Recent Developments, Risks & Best Practices (21 Oct 2025)
• Webinar: The Lawyer’s Field Guide to Cybersecurity Incidents (07 Oct 2025)
• Webinar: Bite-Sized Compliance: Who Needs a Cookie Banner and Why? (17 Sep 2025)
• Webinar: The EU Cyber Alphabet Soup – Do we need to worry about NIS2, DORA, and CRA? (14 May 2025)
• Webinar: How the New DOJ Rules on Sensitive Bulk Data Will Impact Your Company (12 Feb 2025)

• Navigating the SEC’s Latest Cybersecurity Disclosure Rules for Public Companies (07 Aug, 2023)
• Cybersecurity Through an ESG Lens: Aligning Cyber and ESG Strategies (25 Oct 2022)
• The Oft-Overlooked Cybersecurity Requirements Of The New 2023 State Privacy Laws (October 13, 2022)
• China’s PIPL One Year On: What You Need to Know Now (September 27 – 29)
• Take Notice: Exploring the Impacts of new U.S. State Laws on Companies' Privacy Disclosures (Expires February 23, 2023)
• Anatomy of a Ransomware Attack (Expires February 23, 2023)
• At Your Service: How the New CA, CO, and VA Privacy Laws Impact Service Providers and the Businesses That Engage Them (Expires February 23, 2023)
• CCPA Litigation and Enforcement: Best Practices for Your Company (Expires September 22, 2022)

Video + Audio

• UK Data Protection Reforms (19 Jun 2025)
• MoFo Privacy 2025 Predictions: Combatting Deep Fakes and Fake IDs in Employment (12 Mar 2025)
• MoFo Privacy 2025 Predictions: Developments in the Quantum and Neural Technology Spaces (12 Mar 2025)
• MoFo Privacy 2025 Predictions: DSARs (12 Mar 2025)
• How Will the EU Approach Data Security, Cyber Risk, and AI in 2024? (10 Jan 2024)

• Preparing for the SEC Cyber Security Disclosure Rules (08 Dec 2023)
• The EU Cybersecurity Framework (24 Oct 2023)
• Why Cybersecurity Is Critical to Your ESG Performance (16 Oct 2023)
• Cybersecurity Month: Privacy Tips You Can Use (27 Oct 2022)
• Ransomware Incident Response: Avoiding Action Bias (23 Feb 2022)

Podcasts

• Cyber Defense Dialogues: MoFo’s New Podcast Series – Episode 3 (05 Jun 2025)
• Cyber Defense Dialogues - 2025 NATO Summit Episode 2 (21 May 2025)
• Cyber Defense Dialogues | 2025 NATO Summit | Episode 1 (07 May 2025)

• When Your Life Sciences Are on the Line Podcast: Cybersecurity (16 Oct 2024)

• MoFo Perspectives: The Cyberstalking Resource Initiative (31 Oct 2022)
• Above Board: Before, During and After a Breach: The Questions Boards Should Ask (07 Oct 2022)
• MoFo Competition Podcast: The ESG Movement and Its Impact on Antitrust Compliance (07 Jul 2022)
• In House Warrior: Two Lions of the DOJ (23 Jun 2022)
• Above Board: Proposed Cybersecurity Disclosure and Reporting Requirements for U.S. Public Companies and Critical Infrastructure Entities (01 Apr 2022)

Blog Post

• Department of Defense Finalizes Long-awaited Cybersecurity Rule (11 Sep 2025)
• Biden’s Final Cybersecurity Order Proposes Significant Changes, All to Be Implemented by the Incoming Administration (21 Jan 2025)