Clifford Chance

Cyber

Talking Tech

Featured

New Amendment to New York's Cybersecurity Requirements for Financial Services Companies: a Call to Swift and Urgent Action
Cyber

On November 1, 2023, the New York State Department of Financial Services (DFS) announced an amendment to its cybersecurity requirements for financial services companies, 23 NYCRR Part 500.

The EU Cyber Resilience Act – Towards a safe and secure digital market in Europe

In this briefing we overview the CRA as adopted by the European Parliament on 12 March 2024, including the obligations imposed on those involved in the supply chain of connected devices, and consider key changes made by the Council and the European Parliament (the co-legislators) to the European Commission’s original proposal.

Court of Justice of the European Union on GDPR & Cybercrime
Data

On 14 December 2023, the Court of Justice of the European Union (CJEU) published its preliminary ruling in Case C-340/21 involving the Bulgarian National Revenue Agency (NAP), which suffered a cyberattack leading to the unauthorized disclosure of personal data.

Cyber

NYDFS Flexes Enforcement Muscle in Crypto Markets With $30 Million AML and Cybersecurity Fine and Draft Cybersecurity Amendments

The New York Department of Financial Services ("NYDFS") levied a hefty $30 million penalty on Robinhood Crypto, LLC ("Robinhood Crypto"), citing what the agency identified as persistent and pervasive transaction monitoring and cybersecurity compliance failures. NYDFS also required Robinhood Crypto to retain an independent compliance consultant for 18 months.

EU Cyber Resilience Act Approved by European Parliament

On Tuesday 12 March, the European Parliament approved the Cyber Resilience Act, a milestone EU regulation which will set cyber security rules for 'products with digital elements' made available on the EU market. The CRA is now awaiting formal approval by the Council and is expected to enter into force in the coming months, with its rules becoming fully applicable over various transition periods. We overview key aspects of the CRA and flag some of the changes that have been introduced since the original Commission proposal.

Cyber

SEC Adopts New Cybersecurity Disclosure Requirements for Public Companies

On July 26, 2023, the U.S. Securities and Exchange Commission adopted new cybersecurity-related disclosure requirements that will apply to public companies that are subject to periodic reporting obligations under US federal securities law. The SEC is amending Form 8-K to require registrants that use this form to report specified information related to a cybersecurity incident within four business days of determining that the incident is material.

DORA: Exploring what the new European Framework for Digital Operational Resilience means for your business
Cyber

On 10 November 2022, the European Parliament voted to adopt a new EU regulation on digital operational resilience for the financial sector (DORA). With obligations under DORA coming into effect late in 2024 or early 2025 at the latest, in this article we take a closer look at its impact and consider what the regulation will mean for firms, their senior managers and operations and what firms should be doing now in preparation for day one compliance.

EU Cyber Resilience Act – proposed cybersecurity rules for connected products

The proposed Cyber Resilience Act will introduce new common cybersecurity requirements for "products with digital elements" placed on the EU market. Forming part of the EU's Cybersecurity Strategy, this proposed regulation would impose a range of obligations on manufacturers, importers and distributors of connected hardware and software, with the aim of ensuring that technical vulnerabilities are minimised and managed in a transparent manner. This article discusses key aspects of the proposal.

NYDFS fines health insurer EyeMed $4.5 million for cybersecurity violations after mandatory self-report

NYDFS learned about the breach after EyeMed reported the incident, as required by the Cybersecurity Regulation. The penalty is a reminder to companies in scope of the regulation to make sure to review their compliance before an incident, a costly lesson more and more companies are learning from NYDFS.

The Solana Cyber-attack: What now?
Cyber

Hackers have been targeting various areas of the crypto market, including bridges, exchanges and wallets. One such example was the major cyber-attack on the Solana ecosystem (Solana) in August 2022, which raised questions about the security of underpinning cryptoassets and caused loss to investors across the globe.

Ransomware Playbook
Cyber

Our newly updated international playbook addresses how best to prepare for and respond to a ransomware attack, and contains guidance from key jurisdictions around the world regarding applicable legal regimes.

Congress passes broad legislation requiring critical infrastructure sectors to report substantial cyber incidents and ransomware payments
Cyber

This statute is the first federal law to require reporting of cyber incidents across a wide range of industries. These requirements will take effect upon the finalization of implementing regulations by the Cybersecurity and Infrastructure Security Agency (CISA).

To pay or not to pay? The ransomware conundrum
Cyber

Held to ransom?

FinCEN flexes new expertise in clear warning to companies broadly involved in processing ransomware payments
Fintech

Strengthen your detection and monitoring

Treasury ransomware advisories warn companies to consider collateral legal risks in payments
Cyber

Updating the ransomware playbook

Upcoming events

10 October 2024: TradFi Meets Blockchain Policy Summit (New York)

We are delighted to be hosting the 2024 TradFi Meets Blockchain Policy Summit on behalf of Capitol Asset Strategies at our office in New York. Join us for thoughtful panel conversations focused on traditional capital markets use of distributed ledger technology to sell and distribute regulated "tokenized" financial products and the real business and regulatory challenges to wider adoption. You will hear from expert business leaders, legal professionals and policy leaders with panelists and attendees spanning traditional finance and crypto-native, all together in one room for insights on this growing market. | See the full agenda and speaker line up or register here.

Time: from 11:00 EDT