Sullivan & Cromwell Discusses Hacking and Cyber Threats to Director Communications

The growth in cybersecurity threats combined with the increasing demands placed on outside directors create challenges that often go beyond the risks that public companies face from employee and client communications.  If public companies cannot communicate quickly with directors or directors cannot easily share information and discuss options, corporate governance will suffer.  On the other hand, outside directors often have professional responsibilities to multiple organizations and, accordingly, are more likely to rely on electronic communications that are outside of any particular company’s technology resources.

Recent hacking incidents highlight the need for public companies to review their director communication practices to … Read more

Sullivan & Cromwell Discusses Enhanced Cyber Risk Management Standards In The Financial Sector

On October 19, 2016, the Board of Governors of the Federal Reserve System (“the Board”), the Office of the Comptroller of the Currency (“the OCC”), and the Federal Deposit Insurance Corporation (“the FDIC”, and the three agencies collectively, “the Agencies”) jointly issued an advance notice of proposed rulemaking (“the ANPR”) soliciting public comment on enhanced cyber risk management standards. The Agencies are considering enhanced standards designed to increase the operational resilience of large and interconnected entities under their supervision and certain of their service providers and to reduce the potential impact of a cyber-attack or other cyber-related failure on the … Read more

Sullivan & Cromwell discusses The Cybersecurity Act of 2015

On December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015. The Act, arguably the most significant piece of federal cyber-related legislation enacted to date, establishes a mechanism for cybersecurity information sharing among private‑sector and federal government entities. It also provides safe harbors from liability for private entities that share cybersecurity information in accordance with certain procedures, and it authorizes various entities, including outside the federal government, to monitor certain information systems and operate defensive measures for cybersecurity purposes. The Act also contains provisions designed to bolster cybersecurity protections at federal agencies, assess the federal government’s cybersecurity … Read more