On May 21, 2026, the New York Department of Financial Services (NYDFS) issued industry guidance to licensees regarding security measures they should consider taking “in a heightened cybersecurity threat environment.” Even organizations not subject to NYDFS regulation may want to 
Cybersecurity
When AI becomes the cyber attacker: Mythos and what comes next
Anthropic’s April 7, 2026 announcement that it built a model too powerful for public consumption, Claude Mythos Preview (Mythos), marks a notable moment for the legal, compliance, and cybersecurity communities. It is no surprise that the US Department of the…
NYDFS Cybersecurity Enforcement: US$2.25m Fine Against Delta Dental

On April 30, 2026, the New York Department of Financial Services (NYDFS) announced a consent order with Delta Dental Insurance Company and Delta Dental of New York, Inc. for alleged violations of the NYDFS Cybersecurity Regulation relating to the 2023…
NY DFS’s new MFA guidance: closing common gaps before the next exam

Multi‑factor authentication (MFA) is now a well-established baseline cybersecurity control. The amended New York Department of Financial Services (NY DFS) solidified that understanding and expanded MFA requirements under 23 NYCRR Part 500 (the NY DFS…
Cybersecurity and Personal Data: The CNIL toughens its stance


On 9 February 2026, the Commission Nationale de l’Informatique et des Libertés (CNIL) published its 2025 report on its enforcement action. Beyond the €487 million – in cumulative fines – largely driven (unsurprisingly) by two sanctions related to cookies, another…
Heightened Cyber Risks in the Middle East: Geopolitical Tensions Fuel Digital Conflict



Introduction
The latest developments in the Middle East – marked by a significant surge in military activity and retaliatory strikes across the region – have been accompanied by a parallel intensification of cyber operations.
It is common in such situations…
The DOJ’s civil cyber-fraud initiative lives on: Insights from cybersecurity enforcement through the False Claims Act
The False Claims Act (“FCA”), the U.S. federal government’s principal civil anti-fraud statute, imposes liability on entities that knowingly submit, or cause the submission of, false or misleading claims for payment to the United States. The FCA has long served…
UK Cyber Security and Resilience Bill – new obligations for the data centre sector

This blog post includes headline points on new obligations for the data centre sector proposed under the Cyber Security and Resilience Bill, and existing obligations under the NIS Regulations.
NIS Regulations Keeling Schedule for the Cyber Security and Resilience Bill – changes to the UK’s cyber security law

The Cyber Security and Resilience Bill proposes changes to the UK’s NIS Regulations. Without a ‘Keeling Schedule’ marking up the amendments, these can be difficult to track. We have prepared a mark-up reflecting the proposed changes.
Service provider outages test customer resiliency

On November 18, 2025, companies had another opportunity to test their resiliency when connectivity and security provider Cloudflare had an outage of about four hours, which resulted in several popular websites going offline while others managed to provide some services…





