Cybersecurity

Subscribe to Cybersecurity RSS Feed

WEBINAR- The 2024 Revolution in Administrative Law: Chevron and Beyond

Join #TeamSPB’s Ben Glassman, Keith Bradley and Patricia Doersch for a timely webinar on the major decisions recently issued by SCOTUS.  The panel will cover each of the recent decisions (Loper Bright v. Raimondo, SEC v. Jarkesy, Ohio v. EPA, and Corner Post v. the Fed) and discuss the consequences, as well as the opportunities … Continue Reading

End of the Chevron Era: The Future of Agency Enforcement Shifts to Courts

With its second of two landmark decisions impacting the future of federal agency enforcement, SCOTUS struck down the Chevron decision last week.  In a 6-3 decision in Loper Bright Enterprises v. Raimondo, the Court shifted enforcement power away from agencies and to the federal courts. The implications of the Chevron decision are both significant and … Continue Reading

SCOTUS Ruling in Jarkesy Foreshadows Big Changes in Federal Enforcement

SPB’s Keith Bradley authored an article for Bloomberg Law covering a recent SCOTUS decision with significant ramifications: SEC v. Jarkesy. We believe that Jarkesy will decidedly shift the landscape of agency adjudication and regulatory enforcement. For the background and possible implications of this decision, read the full article at Supreme Court’s Jarkesy Ruling Upends SEC … Continue Reading

Who Determines Materiality of Cybersecurity Incidents in Light of Recent SEC Rule Requiring Disclosure of Cybersecurity Incidents?

In December 2023, the U.S. Securities and Exchange Commission’s (“SEC”) new rule requiring disclosure of material cybersecurity incidents became effective. SPB previously analyzed how the new rule applies to incidents affecting third-party vendors and what companies can do to manage reporting risks created by third-party cybersecurity incidents. In the first half of 2024, more than … Continue Reading

Navigating AI Risks: A Guide to Enhancing Corporate Compliance Programs

In today’s rapidly evolving technological landscape, the integration of artificial intelligence (“AI”) into business operations presents unparalleled opportunities for efficiency and innovation. Alongside these advancements, however, come new challenges and risks that must be addressed to ensure regulatory compliance and ethical responsibility. Recently, the Department of Justice (“DOJ”) has underscored the importance of proactively managing … Continue Reading

Navigating Shifting Legal Landscapes: Implications of Deputy Attorney General Lisa Monaco’s Address to Oxford University on Artificial Intelligence

Deputy Attorney General Lisa Monaco’s (“Monaco”) recent remarks at Oxford University shed light on the evolving intersection of artificial intelligence (“AI”) and the criminal enforcement landscape and its profound implications for the United States Department of Justice and beyond. As the Chief Operating Officer of the Department of Justice, Monaco’s insights underscore the critical importance … Continue Reading

Managing and Reporting Third-Party Cybersecurity Incidents Under the New SEC Cyber Risk Regulations

The rules on reporting cybersecurity risks and incidents pose many challenges for companies. Those challenges can be even more difficult when the cybersecurity incident affects third-party systems. With no exceptions for third-party cybersecurity incidents under the new cybersecurity reporting regulations, companies should take proactive steps to assess and respond appropriately to third-party cybersecurity incidents. The … Continue Reading

Recent Changes to FATF’s “Grey List”; Could the UAE be Next Off the List?

Between October 25 and October 27, 2023, the Financial Action Task Force (“FATF”), an international policy-making and standard-setting body dedicated to combating money laundering and terrorist financing, held its third plenary meeting of the year (the “October Plenary”), at which it made important updates to its list of jurisdictions under increased monitoring, often externally referred … Continue Reading

Yet Another False Claims Act Salvo (now #4) in DOJ’s “Civil Cyber-Fraud Initiative”

We have been tracking and reporting on the U.S. Department of Justice’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in an effort to “hold accountable entities or individuals that put U.S. information or systems at … Continue Reading

Live Event:  Avoiding Litigation and Navigating Regulatory Challenges Amid Growing Privacy, Cybersecurity and Artificial Intelligence Scrutiny

Join subject matter experts across policy, litigation, and regulation for an engaging discussion around privacy, cybersecurity, and AI.  This live event will be in our Washington DC office and will include perspectives from in-house leaders, a former FBI agent, an incident response forensic expert, world-class public policy experts, and our privacy and cybersecurity professionals.  The … Continue Reading

Rule 10b5-1 Application and Enforcement

On March 1, 2023, the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) demonstrated continued interest in investigating insider trading by company executives who possess material non-public information when they unsealed an indictment and filed a civil complaint, respectively, in the Central District of California. Though a Rule 10b5-1 plan—an investment device … Continue Reading

DOJ Announces New Compensation Incentives and Clawbacks Pilot Program

As we recently discussed, the Department of Justice released new guidance covering a multitude of topics, including employees’ use of personal electronic devices and third-party messaging platforms, financial compensation incentives and clawbacks.  At the American Bar Association’s 38th Annual National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco announced the launch of the … Continue Reading

Another False Claims Act Salvo in DOJ’s “Civil Cyber-Fraud Initiative”

We previously offered insight into two False Claims Act (“FCA”) enforcement actions brought by the U.S. Department of Justice (“DOJ”) as part of its “Civil Cyber-Fraud Initiative” (“CCF Initiative”).  Deputy Attorney General Lisa O. Monaco announced the CCF Initiative in October 2021, stating that “[t]he initiative will hold accountable entities or individuals that put U.S. … Continue Reading

DOJ Updates Ephemeral Messaging Guidance

On Friday, March 3, 2023, the DOJ released its updated Evaluation of Corporate Compliance Programs, which included new guidance on ephemeral messaging platforms and other issues. This new guidance was released contemporaneously with Assistant Attorney General Kenneth A. Polite, Jr.’s (‘Polite”) speech at the American Bar Association’s (“ABA”) 38th Annual National Institute on White Collar … Continue Reading

Compliance Risks for Remote and Hybrid Working Models

With the cold and flu season underway and COVID-19 still ever-present, it is a good time to take stock of the potential risks that come with working remotely.  Following the lifting of pandemic restrictions allowing offices to open back up, many companies continued to offer work from home or hybrid arrangements.  It is important for … Continue Reading

Corporate and White-Collar Enforcement in 2023–24

As 2022 comes to a close, is it possible to predict a trend for corporate and white-collar enforcement by the U.S. Department of Justice in 2023? Yes: enforcement will increase in 2023, and it will increase yet more in 2024. Understanding the Department as a dispersed, human institution that responds to incentives explains why.… Continue Reading

OFAC Sanctions Virtual Currency Mixer “Tornado Cash”

On August 8, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) sanctioned virtual currency mixer Tornado Cash for having laundered more than USD 7 billion worth of virtual currency since its founding in 2019.  This includes over USD 455 million worth of stolen virtual currency associated with the Lazarus Group, … Continue Reading

Cybersecurity Compliance on U.S. Government Contracts and Subcontracts

The U.S. Department of Justice announced late last year that it would utilize the False Claims Act, the U.S. government’s primary civil tool to redress false claims for federal funds and property, to bring actions against U.S. government contractors and subcontractors who do not meet the cybersecurity requirements of a particular contract or grant. The … Continue Reading

Series: Remedies available to companies harmed by industrial espionage

The authors would like to thank Thomas Fogarty and Anya Bharat Ram for their contributions to this post. Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” 18 U.S.C. § 1832(a). … Continue Reading

Series: Types of Industrial Espionage

Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes.  As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation. Section 1832 of the Economic Espionage Act … Continue Reading

New DOJ KleptoCapture Task Force to Enforce Russia Sanctions

On March 2, 2022, the U.S. Department of Justice (“DOJ”) announced the creation of the interagency Task Force KleptoCapture (the “Task Force”) to enforce the sanctions, export restrictions, and economic countermeasures against Russian officials and oligarchs in response to the conflict in Ukraine. The Task Force will consist of prosecutors and agents from numerous federal … Continue Reading

New Law Requires 72-Hour Notice for Cyber Incidents

We recently shared a timely post on Consumer Privacy World that, given the focus of, we wanted to call to your attention. “President Biden has recently delivered on a long stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May … Continue Reading

OFAC Issues Updated Ransomware Advisory and Designates Virtual Currency Exchange

On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (the “Updated Advisory”) superseding its earlier October 1, 2020 guidance on ransomware attacks and, for the first time, added a virtual currency exchange to the Specially … Continue Reading
LexBlog