Photo of David Hirsch

David Hirsch

Subscribe to David Hirsch's Posts

Dave is a highly respected member of the securities enforcement and regulatory counseling practice group at McGuireWoods, where he plays a key role shaping the strategic direction of the firm’s securities enforcement initiatives. Before joining McGuireWoods, Dave was Chief of the Crypto Assets and Cyber Unit in the SEC Division of Enforcement, and prior to that served as enforcement counsel to SEC Commissioner Crenshaw. He is a recognized expert and frequent speaker with a robust practice that spans a wide array of complex regulatory and enforcement matters, particularly those involving crypto and cyber.

Contact:Read more about David Hirsch

On November 20, 2025, the Securities and Exchange Commission and defendants SolarWinds Corp. and Timothy G. Brown filed a joint stipulation to dismiss with prejudice the SEC’s civil enforcement action pending in the Southern District of New York. The SEC would dismiss all claims concerning the conduct alleged in the SEC’s Amended Complaint and includes

Overview

On October 21, 2025, the New York State Department of Financial Services (NYDFS) released comprehensive guidance for registrants regarding management of cybersecurity risks associated with third-party service providers (TPSPs) including cloud computing, file transfer system, AI and fintech solutions.[1] As reliance on external vendors for critical technology services grows, so too do the cyber threats to operations and sensitive customer data. The guidance clarifies regulatory expectations, highlights best practices, and underscores the importance of robust third-party risk management throughout the entire vendor relationship lifecycle.  In summary, companies can outsource functions but will still retain responsibility for cybersecurity oversight.Continue Reading NYDFS Issues Guidance on Third-Party Cybersecurity Risk Management: What Regulated Entities Need to Know

On May 20, 2025, the Senate cleared procedural obstacles to consider the GENIUS Act on the Senate floor. Originally introduced on Feb. 4, by Senator Bill Hagerty, R-TN, along with Senate Banking Committee Chairman Tim Scott, R-SC, Kirsten Gillibrand, D-NY, and Cynthia Lummis, R-WY, the Guiding and Establishing National Innovation for U.S. Stablecoins of 2025

As public companies’ reliance on remote work, cloud computing and digital payments increases, so too does the cybersecurity risk. Recognizing this, the SEC finalized rules and regulations in September 2023 requiring new cybersecurity-related disclosures from public companies. In prior efforts to improve consistency and accuracy of public company cybersecurity risk disclosures, the SEC issued interpretive

On Oct. 22, 2024, the Securities and Exchange Commission (SEC) announced settled charges against four current and former public companies, Unisys, Avaya Holdings, Check Point Software Technologies and Mimecast, for allegedly making materially misleading statements in their public disclosures regarding cybersecurity intrusions and risks following the SolarWinds Corporation software hack. This wave of enforcement actions