Cybersecurity

Subscribe to Cybersecurity via RSS

On November 20, 2025, the Securities and Exchange Commission and defendants SolarWinds Corp. and Timothy G. Brown filed a joint stipulation to dismiss with prejudice the SEC’s civil enforcement action pending in the Southern District of New York. The SEC would dismiss all claims concerning the conduct alleged in the SEC’s Amended Complaint and includes

Overview

On October 21, 2025, the New York State Department of Financial Services (NYDFS) released comprehensive guidance for registrants regarding management of cybersecurity risks associated with third-party service providers (TPSPs) including cloud computing, file transfer system, AI and fintech solutions.[1] As reliance on external vendors for critical technology services grows, so too do the cyber threats to operations and sensitive customer data. The guidance clarifies regulatory expectations, highlights best practices, and underscores the importance of robust third-party risk management throughout the entire vendor relationship lifecycle.  In summary, companies can outsource functions but will still retain responsibility for cybersecurity oversight.Continue Reading NYDFS Issues Guidance on Third-Party Cybersecurity Risk Management: What Regulated Entities Need to Know

With Halloween lurking around the corner and as National Cybersecurity Awareness Month comes to a close, the McGuireWoods Data Privacy & Cybersecurity Practice Group reminds you to not wait to be spooked by a cybersecurity incident or haunted by the task of maintaining your cybersecurity program.

Today’s threat landscape is rapidly changing and accelerated evermore by the capabilities of AI and automation on both sides of the cyber battlefield. Organizations that stay ahead are using established cybersecurity frameworks to provide a strong architecture on which to continuously evolve their cybersecurity program and testing their response to the latest threats through tabletop exercises. By leveraging modern technologies, such as AI-enabled detection, zero trust architectures, automated configuration management, and secure-by-design engineering, leading organizations are making cybersecurity not just stronger, but measurably faster, leaner, and more resilient.Continue Reading Halloween Reminder – Don’t Get Haunted by Hacks

California’s Invasion of Privacy Act (CIPA) is a 1967 criminal wiretapping statute being stretched to govern 2025-era internet technologies.  The result has been a patchwork of conflicting decisions that turn on hair-splitting distinctions about what it means to “read” a communication “in transit,” whether URLs and clickstream data constitute “contents,” and how third-party service providers fit within a statute that never contemplated real-time web analytics, session replay tools, or ad technology.Continue Reading California’s CIPA Jurisprudence Is Unworkable: The Legislature Should Fix It—Starting With SB 690

In a significant step toward strengthening consumer privacy protections, the California Privacy Protection Agency (CPPA) board has officially adopted a comprehensive set of updates to the California Consumer Privacy Act (CCPA) regulations.  These long-anticipated regulations—covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT)—mark a pivotal shift in the state’s data privacy enforcement landscape.Continue Reading New CCPA Rules Are Here: Is Your Business Ready for What’s Next?

Regulators of data privacy laws have expressed a desire in recent months to intensify enforcement around opt-out preference signals, also known as universal opt-out mechanisms (the “Opt-Out Signals”).

Opt-Out Signals allow consumers to automatically opt-out of the sale and sharing of personal information for targeted advertising across all websites they may visit through an internet

After years of waiting, the U.S. Department of Defense (DoD) posted to the Federal Register for public inspection on Sept. 9, 2025, a final rule implementing the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) standards into the Defense Federal Acquisition Regulation Supplement, formally published on Sept. 10, 2025. CMMC 2.0 is a fundamental shift in how the

Amazon’s recent announcement to invest at least $20 billion in cloud computing and AI data center campuses across Pennsylvania — a record‑breaking private investment in the state — marks a turning point in digital infrastructure build-out. Spanning sites in Luzerne and Bucks counties, the project promises 1,250 full‑time roles and thousands more in construction, while

On May 20, 2025, the Senate cleared procedural obstacles to consider the GENIUS Act on the Senate floor. Originally introduced on Feb. 4, by Senator Bill Hagerty, R-TN, along with Senate Banking Committee Chairman Tim Scott, R-SC, Kirsten Gillibrand, D-NY, and Cynthia Lummis, R-WY, the Guiding and Establishing National Innovation for U.S. Stablecoins of 2025

In a recent decision, the U.S. District Court for the Northern District of California has construed the private right of action provision under the California Consumer Privacy Act (CCPA) broadly, which increases business risk to tracking technologies lawsuits that are already rampant.Continue Reading Broad Interpretation of CCPA’s Private Right of Action Increases Business Risk to Tracking Technologies Lawsuits