Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Is the Shipping Industry on Cybersecurity Autopilot?

In his article for The Maritime Executive, Eversheds Sutherland (US) Partner Michael Bahar provides insight on the cyber risks associated with the possibility of automated ships and what the US House Intelligence Committee and the US Coast Guard are doing to mitigate these risks. Ultimately, for the maritime industry and for those industries reliant on the maritime industry, Michael says the time is now to generate and implement a sound cyber strategy, especially with the move to greater connectivity and greater automation. Learn...
Continue Reading

NAIC Takes Major Step Toward Final Approval of Insurance Data Security Model Law

In a flurry of approvals last week, the National Association of Insurance Commissioners (NAIC) took substantial steps toward finalizing its proposed Insurance Data Security Model Law during the 2017 NAIC Summer National Meeting in Philadelphia. The Model Law establishes minimum cybersecurity standards consistent with New York’s cybersecurity regulation. The approval of the Model Law by key NAIC bodies is further indication of the increasing consensus among federal and state agencies regarding the core cybersecurity practices that businesses across sectors will be expected to meet. Learn...
Continue Reading

Toward a Culture of Continuous Cybersecurity

The SEC’s Office of Compliance Inspections and Examinations (OCIE) just issued a “Risk Alert” containing the results of its Cybersecurity 2 Initiative. In their article for Law360, which analyzes the OCIE Alert, Eversheds Sutherland (US) Partners Michael Bahar and Brian Rubin write that the SEC supports the notion that effective cybersecurity is not a matter of one-and-done, but rather a senior-management led cultural shift towards a holistic, proactive, risk-based and well-practiced cyber strategy. Learn...
Continue Reading

What European Financial Institutions need to know about New York’s Cybersecurity Regulations

From 28 August 2017, banks, insurers, and other financial institutions operating in New York will be required to comply with the New York Department of Financial Services (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “Regulations”). Finalized on March 1, 2017, firms had 180 days from the effective date to comply with the core requirements of the Regulations, while being allowed additional time to comply with others. Learn...
Continue Reading

The FTC is Watching When Your Children’s Toys are Listening

In his article published by The Hill, Eversheds Sutherland (US) Partner Michael Bahar provides insight on the recent Federal Trade Commission (FTC) update to its Children’s Online Privacy Protection Act (COPPA) compliance plan. The update is the latest in a series of regulatory moves to bring attention to the serious cybersecurity and data privacy issues latent in the ever-expanding internet of things and the ever-smartening supply chain. Whether a company manufacturers smart toys or not, Michael discusses that the one key takeaway from the FTC’s latest COPPA guidance is that new...
Continue Reading

The Future of Cyber Coverage Leans to Standardization

In this interview with A.M BestTV, Eversheds Sutherland (US) Partner Michael Bahar discusses cybersecurity issues and how organizations can prepare for potential cyberattacks. Learn more.
Continue Reading

NYDFS Makes Inquiry into Life Insurers’ Use of Algorithmic Underwriting

On June 29, 2017, the New York Department of Financial Services (NYDFS) issued an information request pursuant to Section 308 of the New York Insurance Law addressed to all life insurers and fraternal benefit societies authorized to write life insurance in New York (the 308 Request) requesting information about how they use “external consumer data” and algorithms in their underwriting processes. Under Section 308, NYDFS has broad authority to make inquiries to any licensed insurer in relation to its “transactions or condition or any matter connected therewith.” Learn...
Continue Reading

UK Data Regulator Reveals Sweeping International Strategy

The UK is committed to promoting itself as a global data protection gateway, with high standards of data protection law and practice, according to the UK Information Commissioner’s Office’s (ICO) newly released international strategy for effectively protecting the public’s personal information over the next four years. Learn more. 
Continue Reading

The Regulatory Bellwether: Forecasting Cyber Breach Litigation

While the prospects of cybersecurity litigation loom ever larger, there are tangible ways that may very well decrease the unease and mitigate the risk—if you know where to look. Learn more.
Continue Reading

Cyber Hostage-Taking: Petya Holds Physical Infrastructure for Ransom

On June 27, 2017, hackers struck vulnerable businesses around the world with a new version of the “Petya” ransomware. This major cyberattack has disrupted utilities, shipping companies, law firms and other businesses across the US, Russia, Europe and the Asia Pacific region. It continues to spread without regard to geographic or industry boundaries, and it has already impacted systems that control physical infrastructure like electrical grids and maritime ports, with the potential to cause far-ranging ripple effects to other essential services and the global supply chain. Learn...
Continue Reading

FCRA Violations Lead to Record-Breaking $60 Million Verdict

On June 19, a jury sitting in federal court in the United States District Court for the Northern District of California awarded plaintiffs $60 million after finding that the defendant, TransUnion, LLC, violated provisions of the Fair Credit Reporting Act (FCRA). This is reported to be the largest jury award on record for FCRA violations. The case is Ramirez v. Trans Union, LLC.   Learn more.
Continue Reading

Election Hackers Altered Voter Rolls, Stole Private Data, Officials Say

Eversheds Sutherland (US) Partner Michael Bahar is quoted in this Time Magazine providing insight on the hacking of state and local election databases in 2016. Specifically, Michael addresses key questions congressional investigators are including in their probe to determine the nature and scale of the Russian cybersecurity attack. Learn more.
Continue Reading

Wannacry: Avoiding Being Held to Ransom

In recent weeks the disruptive power of ransomware has been displayed in the media, with the prominent strain ‘Wannacrypt’ or ‘Wannacry’ making headlines. High-profile ransomware attacks are not a new thing, last year ‘Locky’, a prolific ransomware strain, targeted 400,000 systems in its first week. Learn more.
Continue Reading

Automation’s Impact Across a Wide Range of Industries

It is becoming clear that the disruptive nature of the autonomous vehicle will extend far beyond the automotive industry. In their article for Law360, Eversheds Sutherland (US) attorneys Michael Nelson and Trevor Satnick provide unique insight into what a future might look like without humans behind the wheel. Learn more.
Continue Reading