Skip to main content

Clifford Chance

Clifford Chance
All

Cyber

Talking Tech

Featured

Alternative Text

Cyber

Cybersecurity in Europe: where are we now?

Four years into the 2020s there is a clear push in the European Union harmonisation of the rules within the cyber security landscape, with the financial services sector, devices, and cloud security being key areas of focus. This has been a long time coming. Under the guise of its 2020 Cybersecurity Strategy for the Digital Decade, the EU has embarked on a flurry of regulatory developments and proposals that, between them, aim to enhance the baseline cybersecurity of organisations operating in the EU, and levy stronger obligations on certain sectors such as financial services and critical infrastructure. In this overview article, we examine some of these key regulatory developments in the EU, whilst highlighting equivalent efforts, where applicable, in the UK.
Alternative Text

Cyber

New Amendment to New York's Cybersecurity Requirements for Financial Services Companies: a Call to Swift and Urgent Action

On November 1, 2023, the New York State Department of Financial Services (DFS) announced an amendment to its cybersecurity requirements for financial services companies, 23 NYCRR Part 500.

Alternative Text

Data

Court of Justice of the European Union on GDPR & Cybercrime

On 14 December 2023, the Court of Justice of the European Union (CJEU) published its preliminary ruling in Case C-340/21 involving the Bulgarian National Revenue Agency (NAP), which suffered a cyberattack leading to the unauthorized disclosure of personal data.

Cyber

NYDFS Flexes Enforcement Muscle In Crypto Markets With $30 Million AML And Cybersecurity Fine And Draft Cybersecurity Amendments

The New York Department of Financial Services ("NYDFS") levied a hefty $30 million penalty on Robinhood Crypto, LLC ("Robinhood Crypto"), citing what the agency identified as persistent and pervasive transaction monitoring and cybersecurity compliance failures. NYDFS also required Robinhood Crypto to retain an independent compliance consultant for 18 months.

Cyber

SEC Adopts New Cybersecurity Disclosure Requirements for Public Companies

On July 26, 2023, the U.S. Securities and Exchange Commission adopted new cybersecurity related disclosure requirements that will apply to public companies that are subject to periodic reporting obligations under US federal securities law. The SEC is amending Form 8-K to require registrants that use this form to report specified information related to a cybersecurity incident within four business days of determining that the incident is material.
the-eu-cyber-resilience-act

EU Cyber Resilience Act Approved by European Parliament

On Tuesday 12 March, the European Parliament approved the Cyber Resilience Act, a milestone EU regulation which will set cyber security rules for 'products with digital elements' made available on the EU market. The CRA is now awaiting formal approval by the Council and is expected to enter into force in the coming months, with its rules becoming fully applicable over various transition periods. We overview key aspects of the CRA and flag some of the changes that have been introduced since the original Commission proposal.

 Read

Cyber

DORA: Exploring what the new European Framework for Digital Operational Resilience means for your business

On 10 November 2022, the European Parliament voted to adopt a new EU regulation on digital operational resilience for the financial sector (DORA). With obligations under DORA coming into effect late in 2024 or early 2025 at the latest, in this article we take a closer look at its impact and consider what the regulation will mean for firms, their senior managers and operations and what firms should be doing now in preparation for day one compliance.

Read

EU Cyber Resilience Act – proposed cybersecurity rules for connected products

The proposed Cyber Resilience Act will introduce new common cybersecurity requirements for "products with digital elements" placed on the EU market. Forming part of the EU's Cybersecurity Strategy, this proposed regulation would impose a range of obligations on manufacturers, importers and distributors of connected hardware and software, with the aim of ensuring that technical vulnerabilities are minimised and managed in a transparent manner. This article discusses key aspects of the proposal.

Read

NYDFS fines health insurer EyeMed $4.5 million for cybersecurity violations after mandatory self-report

NYDFS learned about the breach after EyeMed reported the incident, as required by the Cybersecurity Regulation. The penalty is a reminder to companies in scope of the regulation to make sure to review their compliance before an incident, a costly lesson more and more companies are learning from NYDFS.

Read
Cyber

The Solana Cyber-attack: What now?

Hackers have been targeting various areas of the crypto market, including bridges, exchanges and wallets. One such example occurred in August 2022, which was the major cyber-attack on the Solana ecosystem (Solana), raising questions about the security of underpinning cryptoassets and causing loss to investors across the globe.

READ
Cyber

Ransomware Playbook

Our newly updated international playbook addresses how best to prepare for and respond to a ransomware attack, and contains guidance from key jurisdictions around the world regarding applicable legal regimes

READ
Cyber

Congress passes broad legislation requiring critical infrastructure sectors to report substantial cyber incidents and ransomware payments

This statute is the first federal law to require reporting of cyber incidents across a wide range of industries. These requirements will take effect upon the finalization of implementing regulations by the Cybersecurity and Infrastructure Security Agency (CISA).

READ
Cyber

To pay or not to pay? The ransomware conundrum

Held to ransom?

READ
Fintech

FinCEN flexes new expertise in clear warning to companies broadly involved in processing ransomware payments

Strengthen your detection and monitoring

READ
Cyber

Treasury ransomware advisories warn companies to consider collateral legal risks in payments

Updating the ransomware playbook

READ
See All our Cyber Content

Upcoming events

cyber-attack-A01

EVENT: 18 April: Navigating cybersecurity and resilience in 2024 (online)

The global trend towards increased cybersecurity and resilience regulation will tighten existing requirements and affect a broader range of businesses than ever before. From updates in SEC and NYDFS cyber requirements, to Singapore’s proposed Cybersecurity Amendment Bill, our global panel will examine developments in the US, APAC, Europe and the Middle East

Time: 08:00 EDT / 13:00 BST / 14:00 CEST / 20:00 HKT

To Register, please complete the online registration form.
See all our events

Toolkits & Client Log-in