Cyberattacks on corporate networks are on the rise, and the ramifications of such attacks can be financially devastating. Recent benchmarking data shows that the number of material cyber breaches at large businesses increased by 20.5% from 2020 to 2021, and that cybersecurity budgets aimed at preventing breaches jumped 51% across industries. And while businesses suffering cyberattacks
Ohio Supreme Court: Insurance Policy Does Not Cover Ransomware Attack on Software
In a unanimous decision, the Ohio Supreme Court found that a computer software company’s business owners insurance policy does not cover losses resulting from a ransomware attack on the company’s computer software systems because the attack did not cause physical loss or physical damage to the software.
Read on for background on this case and…
DOJ and Aerojet Settle for $9 Million in Qui Tam Cybersecurity False Claims Act Case
On July 8, 2022, the U.S. Department of Justice announced a $9 million settlement with federal government contractor Aerojet Rocketdyne, Inc. for alleged violations of the False Claims Act in a case pending in the Eastern District of California. The settlement results from alleged false statements by Aerojet related to compliance with Department of Defense…
OCR Seeks Input on “Recognized Security Practices” as Mitigating Factor for HIPAA and HITECH Fines
In 2021, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human…
FINRA Releases 2022 Report on Examination and Risk Monitoring Program
In February, the Financial Industry Regulatory Authority released the 2022 Report on FINRA’s Examinations and Risk Monitoring Program, providing guidance to the broker-dealer industry.
Read on for a discussion of key topics addressed in this year’s report.
SEC Proposes New, Formal Cybersecurity Disclosure Rules
On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.
Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.
DOJ Announces First False Claims Settlement Since Launch of Civil Cyber-Fraud Initiative
On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to…
Tech Investing Part III: Investing in AI
Investing in artificial intelligence (AI) companies has become a riskier and more involved process than in previous years. Companies need new processes and tools to follow the more stringent AI regulations that are on the horizon (at least in Europe and the United States). Regulators are discussing how best to structure AI regulations in order to align risk management with optimizing the potential value creation of these technologies. Investors should take a similar approach in their investment strategy. Read on for a discussion of the considerations investors should keep in mind as they vet their investment pipeline.
Cybersecurity and Data Privacy – What to expect in 2022
Threats to cybersecurity and data privacy are constantly increasing in both volume and complexity. This trend is expected to continue in 2022. In a bid to protect cybersecurity and ensure data is properly safeguarded, countries around the world are introducing new laws focused on cybersecurity and data protection. Armed with new legal frameworks, regulators and law enforcement are placing onerous obligations on organisations that fall victim to cybersecurity breaches. There are shorter deadlines in which to notify the authorities of data breaches and ever-increasing fines and penalties for businesses that fail to respond swiftly and appropriately to a cyberattack.
In this ever-changing area, what is on the horizon for 2022?…
CMMC 2.0: Department of Defense Revamps Cybersecurity Maturity Model Certification Program
On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.
Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.