Criminal cyber attacks that deprive access to vital digital information and hold it for ransom are a constant and ever-increasing threat. No organization is immune. 

Due to the exponential rise in ransomware attacks, cyber insurance coverage for ransom payments – one of the tools for mitigating cyber risk – now requires steeper premiums for much

Following a near unanimous vote in the Connecticut House, Connecticut is set to become the fifth state to pass comprehensive privacy legislation. With the addition of the Connecticut Data Privacy Act (CTDPA), Connecticut joins California, Virginia, Colorado, and Utah, in regulating businesses that possess, store, and/or sell consumers’ personal data. The CTDPA comes on the

On March 18, 2022, President Biden issued a letter to California Gov. Gavin Newsom (the “March 18th letter”) requesting that he secure California’s computer systems and critical infrastructure in light of recent Russian cyberattacks against Ukraine. President Biden advised  Newsom to gather his leadership team to discuss California’s cybersecurity and address several fundamental questions

Preparing for the Tidal Wave and Bracing for the Tsunami: Utah Becomes the Fourth State to Pass Privacy LegislationAt last count, at least 39 states have introduced (or passed) comprehensive privacy legislation. After what was previously a watch-and-wait game of legislative whack-a-mole, we are now seeing this legislation get passed and implemented more regularly and with greater speed.

Case in point, within two months of entering the new year, Senate Bill 227, titled

Defense Contractor Denied FCA Summary Judgment in First Test of DOJ’s New Civil Cyber-Fraud InitiativeOn February 1, 2022, the United States District Court for the Eastern District of California ruled that a False Claims Act (FCA) case against defense contractor Aerojet Rocketdyne Holdings and Aerojet Rockdyne Inc. (collectively “Aerojet”) could go forward on triable issues of fact as to whether noncompliance with government cybersecurity requirements are material to the

The Lloyd’s Market Association (the “LMA”) recently released four model clauses to exclude coverage for “war” from cyber insurance policies. The exclusions align with the requirement that all insurance policies written at Lloyd’s must exclude losses caused by war. Given the insurance industry’s weakening appetite for cyber risks, the issue for insureds is the extent

CMMC 2.0 – Simplification and Flexibility of DoD Cybersecurity Requirements

Continuing Effort to Protect National Security Data and NetworksEvolving and increasing threats to U.S. defense data and national security networks have necessitated changes and refinements to U.S. regulatory requirements intended to protect such.

In 2016, the U.S. Department of Defense (DoD) issued a Defense Federal Acquisition Regulation Supplement (DFARs) intended to better protect

FTC Finalizes Updated Safeguards Rule Under GLBA to Dramatically Expand Data Security Requirements and Scope of RuleUntil now, companies primarily regulated by the Federal Trade Commission (FTC) were given only vague directives to implement systems sufficient to safeguard customer data, coupled with FTC “recommendations” as to best practices. That is about to change with the FTC’s finalization of its proposed amendments to the Standards for Safeguarding Customer Information (Safeguards Rule) on

A Fintech Leader’s Thoughts on the North Carolina Regulatory Sandbox Act

As part of Bradley’s continuing coverage of the North Carolina Sandbox Act, we wanted to know what community members and NC fintech aficionados thought about this proposed legislation. We posed six questions to Tariq Bokhari, an influential leader in the financial technology (fintech) industry, who serves as the executive director of the Carolina Fintech

Another Data Privacy Law? Colorado Enacts the Colorado Privacy ActColorado became the third state to enact comprehensive data privacy legislation when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on July 8, 2021. The CPA shares similarities with its stateside predecessors, the California Consumer Privacy Act (CCPA), the California Privacy Rights Enforcement Act (CPRA), and the Virginia Consumer Data Protection Act (VCDPA), as