The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats. A copy of NCSC’s report is available here. The Annual Review states that “it is time to act”. […]
Uncategorized
Government Shutdown Creates Lapse in Cyber Threat Information Sharing
The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private companies to share information with the federal government about cyber threats in return for certain legal protections. CISA applied only when the information […]
CISA Gives Itself an Extension for Cyber Incident Reporting Rules
The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months to May 2026. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, critical infrastructure entities […]
NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict
Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened geopolitical tensions. The letter, titled “Impact of Global Conflict on Cybersecurity and Sanctions Risk,” emphasizes the elevated risk environment and reaffirms […]
Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?
On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Bulk Data Rule” or “DOJ Rule”), 28 CFR Part 202. The Bulk Data Rule, […]