Skip to content

menu

Data Protection Report logo
HomeAboutContact
Search
Close
Compliance and risk managementRegulatory responseData breachCurrent Page:Cybersecurity
View topics Archives
Subscribe

Data Protection Report

Data protection legal insight at the speed of technology

Cybersecurity

Subscribe to Cybersecurity via RSS

NYDFS issues guidance “in a heightened cybersecurity environment”

Photo of Susana Medeiros (US)Photo of Bhavna Agnihotri (US)Photo of Susan Ross (US)
By Susana Medeiros (US), Bhavna Agnihotri (US) & Susan Ross (US) on June 3, 2026

On May 21, 2026, the New York Department of Financial Services (NYDFS) issued industry guidance to licensees regarding security measures they should consider taking “in a heightened cybersecurity threat environment.”  Even organizations not subject to NYDFS regulation may want to …

When AI becomes the cyber attacker: Mythos and what comes next

Photo of Will Daugherty (US)Photo of Ji Won Kim (US)Photo of Remi Gambino (US)Photo of Phillip Pang (US)
By Will Daugherty (US), Ji Won Kim (US), Remi Gambino (US) & Phillip Pang (US) on May 21, 2026

Anthropic’s April 7, 2026 announcement that it built a model too powerful for public consumption, Claude Mythos Preview (Mythos), marks a notable moment for the legal, compliance, and cybersecurity communities. It is no surprise that the US Department of the…

Subscribe to Data Protection Report

Subscribe to this publication

NYDFS Cybersecurity Enforcement: US$2.25m Fine Against Delta Dental

Photo of Susana Medeiros (US)Photo of Susan Ross (US)
By Susana Medeiros (US) & Susan Ross (US) on May 8, 2026

On April 30, 2026, the New York Department of Financial Services (NYDFS) announced a consent order with Delta Dental Insurance Company and Delta Dental of New York, Inc. for alleged violations of the NYDFS Cybersecurity Regulation relating to the 2023…

NY DFS’s new MFA guidance: closing common gaps before the next exam

Photo of Ji Won Kim (US)Photo of Susan Ross (US)
By Ji Won Kim (US) & Susan Ross (US) on March 23, 2026

Multi‑factor authentication (MFA) is now a well-established baseline cybersecurity control. The amended New York Department of Financial Services (NY DFS) solidified that understanding and expanded MFA requirements under 23 NYCRR Part 500 (the NY DFS…

Cybersecurity and Personal Data: The CNIL toughens its stance

Photo of Nadège Martin (FR)Photo of Laura HellocoPhoto of Geoffroy Coulouvrat (FR)
By Nadège Martin (FR), Laura Helloco & Geoffroy Coulouvrat (FR) on March 19, 2026

On 9 February 2026, the Commission Nationale de l’Informatique et des Libertés (CNIL) published its 2025 report on its enforcement action. Beyond the €487 million – in cumulative fines – largely driven (unsurprisingly) by two sanctions related to cookies, another…

Heightened Cyber Risks in the Middle East: Geopolitical Tensions Fuel Digital Conflict

Photo of Tim JonesPhoto of Shabnam KarimPhoto of Simon LambPhoto of Sajeedah Bari
By Tim Jones, Shabnam Karim, Simon Lamb & Sajeedah Bari on March 5, 2026

Introduction

The latest developments in the Middle East – marked by a significant surge in military activity and retaliatory strikes across the region – have been accompanied by a parallel intensification of cyber operations.

It is common in such situations…

The DOJ’s civil cyber-fraud initiative lives on: Insights from cybersecurity enforcement through the False Claims Act

Photo of Ji Won Kim (US)Photo of Shushan Gabrielyan (US)Photo of Leslie Ozuna (US)
By Ji Won Kim (US), Shushan Gabrielyan (US) & Leslie Ozuna (US) on February 11, 2026

The False Claims Act (“FCA”), the U.S. federal government’s principal civil anti-fraud statute, imposes liability on entities that knowingly submit, or cause the submission of, false or misleading claims for payment to the United States. The FCA has long served…

UK Cyber Security and Resilience Bill – new obligations for the data centre sector

Photo of Marcus Evans (UK)Photo of Rosie Nance
By Marcus Evans (UK) & Rosie Nance on December 3, 2025

This blog post includes headline points on new obligations for the data centre sector proposed under the Cyber Security and Resilience Bill, and existing obligations under the NIS Regulations. 

Continue reading

NIS Regulations Keeling Schedule for the Cyber Security and Resilience Bill – changes to the UK’s cyber security law

Photo of Marcus Evans (UK)Photo of Rosie Nance
By Marcus Evans (UK) & Rosie Nance on December 3, 2025

The Cyber Security and Resilience Bill proposes changes to the UK’s NIS Regulations. Without a ‘Keeling Schedule’ marking up the amendments, these can be difficult to track. We have prepared a mark-up reflecting the proposed changes.

Continue reading

Service provider outages test customer resiliency

Photo of Annmarie Giblin (US)Photo of Susan Ross (US)
By Annmarie Giblin (US) & Susan Ross (US) on November 26, 2025

On November 18, 2025, companies had another opportunity to test their resiliency when connectivity and security provider Cloudflare had an outage of about four hours, which resulted in several popular websites going offline while others managed to provide some services…

Post navigation

Older Posts 

Data Protection Report

Facebook Twitter RSS LinkedIn YouTube
Published by
Norton Rose Fulbright LLP logo
DisclaimerPrivacy policy

About

More than a news source, the Data Protection Report provides thought leadership on emerging privacy, data protection and cybersecurity issues, and helps its readers proactively address risks and anticipate next steps in this crucial emerging field.

Read more

Topics

Archives

Copyright © 2026, Norton Rose Fulbright LLP. All rights reserved.