Marcus Christian

Oct 14, 2024 | mondaq.com | Marcus Christian |Adam Hickey |Amber Thomson |Kathryn Allen

By now, companies across all industries have become familiar with the lifecycle and stages of a ransomware incident. Generally, once an attack is contained, remediation and rebuilding will follow. Shortly after, the crisis begins to subside, and legal reviews of impacted data and notifications to potentially impacted individuals, state attorneys general, and regulators all follow (often with the assistance of an e-discovery firm). Not long ago, this signaled the end of the incident.

Oct 14, 2024 | jdsupra.com | Kathryn Allen |Marcus Christian |Adam Hickey

By now, companies across all industries have become familiar with the lifecycle and stages of a ransomware incident. Generally, once an attack is contained, remediation and rebuilding will follow. Shortly after, the crisis begins to subside, and legal reviews of impacted data and notifications to potentially impacted individuals, state attorneys general, and regulators all follow (often with the assistance of an e-discovery firm). Not long ago, this signaled the end of the incident.

Apr 3, 2024 | mondaq.com | Rajesh De |Adam Hickey |Stephen Lilley |Marcus Christian

On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Under the proposed rule, covered entities will have 72 hours to report to CISA a "covered cyber incident" and 24 hours to report a ransom payment (even if it is not a payment associated with a covered incident).

Apr 1, 2024 | jdsupra.com | Marcus Christian |Rajesh De |Aaron Futerman

On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Under the proposed rule, covered entities will have 72 hours to report to CISA a “covered cyber incident” and 24 hours to report a ransom payment (even if it is not a payment associated with a covered incident).

Dec 20, 2023 | mondaq.com | Marcus Christian |Aaron Futerman |Justin Herring |Adam Hickey

On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and Exchange Commission ("SEC") pursuant to Form 8-K Item 1.05.